1. 3
    ALAS-2017-801: Heap buffer overflow in pycrypto allowing remote shell access crypto python security alas.aws.amazon.com
    asthasr avatar via asthasr 1 year ago | cached | 4 comments

  1.  

  2. 2
    itamarst avatar itamarst 1 year ago | link

    PSA: don’t use pycrypto, use https://pypi.python.org/pypi/cryptography

    1. 2
      dogpellet avatar dogpellet 1 year ago | link

      I believe this is a link with technical details of the attack: http://seclists.org/oss-sec/2016/q4/760

      1. 1
        resc avatar resc 1 year ago | link

        The CVE they link is from 2013! Is there a patch that didn’t make it into this distro?

        1. 2
          tedu avatar tedu 1 year ago | link

          Sometimes a CVE is backdated. It’s the time the bug was first identified, not when it was fixed.

          http://www.openwall.com/lists/oss-security/2016/12/27/8