Wednesday, November 29, 2023

[USN-6525-1] pysha3 vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmVnd44ACgkQZWnYVadE
vpNDFhAAvDTbmcgZQM7rEeK9sCR7XudI37owUBRCGFzunGeYRNTAT8RYHtJtDiI1
hYxOpLT+zRQVne5cuVHFHwGOK75mAm5JFOysO0qt8/wT1uM5Xr3iiKAHXrDENHt7
wrSNtpIyfWgQ+MuMx4C49p8q3ZCQOVpVmCsa8NpHLb16/0w2DiCCtAHbTanBu7Ix
Vi0YhxerGKd5xWU10o02cOFclLtqa2Tnu6li1zWVPf+2ayfhWABwbwS1MzmwUjze
bjP9+FsRx6N4z5tTVgkpa2gJ8bn52E5lhemwNG4PxA9Keenq0993moFFtS/NqBfF
W2aednVg7ksgAvNmriDFUkCgsvUrg7tUMyJweoPN9G0zEwf7/B2Y26Bb+VN9wjVV
MMp5qYf2v/IVnhV3G55AVX5V/PM3G1zs2jUc4bBCRoACHy1cgeqHiIlTG+r9ZSV6
0yDD0TnaPQUfeHoq6X28REs6lCOj6rfK1oIsGVuxp3fri09MflYc1h2Eay6TJKpD
eeDdHXMND+J7nol9JvSNlSV3I5Jx/V2FTFw6Iaqrtk4h0ep69yTNHEO3k80gdyug
7qb3Fq3Sl7kNS9ue/rd36yVO670Zqyy6ncOatb991l03XQyP2vtLFD9m9dt6hAJP
dVAWjo5jA9s6E4vjA946C3HClhS3+yImSsjIroKrBpOufPsOtkM=
=QD4Y
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6525-1
November 29, 2023

pysha3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

pysha3 could be made to crash or run programs if it received specially
crafted data.

Software Description:
- pysha3: SHA-3 (Keccak) hash implementation

Details:

Nicky Mouha discovered that pysha incorrectly handled certain SHA-3
operations. An attacker could possibly use this issue to cause pysha3 to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
python3-sha3 1.0.2-4.2ubuntu0.22.04.1

Ubuntu 20.04 LTS:
python3-sha3 1.0.2-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6525-1
CVE-2022-37454

Package Information:
https://launchpad.net/ubuntu/+source/pysha3/1.0.2-4.2ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/pysha3/1.0.2-4ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)