USN-4478-2: Python-RSA vulnerability
21 February 2022
Python-RSA could be made to expose sensitive information over the network.
Releases
Packages
- python-rsa - Pure-Python RSA implementation (Python 2)
Details
USN-4478-1 fixed a vulnerability in Python-RSA.
This update provides the corresponding update for Ubuntu 16.04 ESM,
Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
Original advisory details:
It was discovered that Python-RSA incorrectly handled certain ciphertexts.
An attacker could possibly use this issue to obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
python3-rsa
-
4.0-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
python-rsa
-
3.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
-
python3-rsa
-
3.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
python-rsa
-
3.2.3-1.1ubuntu0.1~esm1
Available with Ubuntu Pro
-
python3-rsa
-
3.2.3-1.1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4478-1: python3-rsa, python-rsa