Debian 10232 Published by

The following updates has been released for Debian GNU/Linux 7 LTS:

DLA 1283-1: python-crypto security update
DLA 1284-1: leptonlib security update



DLA 1283-1: python-crypto security update




Package : python-crypto
Version : 2.6-4+deb7u8
CVE ID : CVE-2018-6594
Debian Bug : 889999


python-crypto generated weak ElGamal key parameters, which allowed attackers to
obtain sensitive information by reading ciphertext data (i.e., it did not have
semantic security in face of a ciphertext-only attack).

For Debian 7 "Wheezy", these problems have been fixed in version
2.6-4+deb7u8.

We recommend that you upgrade your python-crypto packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1284-1: leptonlib security update




Package : leptonlib
Version : 1.69-3.1+deb7u1
CVE ID : CVE-2018-3836
Debian Bug : 889759


Talosintelligence discovered a command injection vulnerability in the
gplotMakeOutput function of leptonlib. A specially crafted gplot
rootname argument can cause a command injection resulting in arbitrary
code execution. An attacker can provide a malicious path as input to an
application that passes attacker data to this function to trigger this
vulnerability.

For Debian 7 "Wheezy", these problems have been fixed in version
1.69-3.1+deb7u1.

We recommend that you upgrade your leptonlib packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS