Ubuntu Security Notice USN-6595-1

Ubuntu Security Notice 6595-1 - It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6595-1
January 23, 2024

pycryptodome vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

PyCryptodome could be made to expose sensitive information.

Software Description:
- pycryptodome: Cryptographic Python library

Details:

It was discovered that PyCryptodome had a timing side-channel when
performing OAEP decryption. A remote attacker could possibly use this issue
to recover sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   python3-pycryptodome            3.11.0+dfsg1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6595-1
   CVE-2023-52323

Package Information:
   https://launchpad.net/ubuntu/+source/pycryptodome/3.11.0+dfsg1-3ubuntu0.1

Related news

Red Hat Security Advisory 2024-2010-03

Red Hat Security Advisory 2024-2010-03 - An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components. Issues addressed include HTTP request smuggling, CRLF injection, denial of service, file disclosure, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1155-03

Red Hat Security Advisory 2024-1155-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1057-03

Red Hat Security Advisory 2024-1057-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include CRLF injection and denial of service vulnerabilities.

GHSA-j225-cvw7-qrx7: PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
