USN-3199-2

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-3199-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3199-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3199-2
Upstream
Related
Published
2017-02-17T17:34:13Z
Modified
2026-02-10T04:41:05Z
Summary
Python Crypto regression
Details

USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the ALGnew function in block_template.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.

References

Affected packages

Ubuntu:14.04:LTS / python-crypto

Package

Name
python-crypto
Purl
pkg:deb/ubuntu/python-crypto@2.6.1-4ubuntu0.2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.1-4ubuntu0.2

Affected versions

2.*
2.6-5
2.6.1-2
2.6.1-2build1
2.6.1-3
2.6.1-4
2.6.1-4build1
2.6.1-4ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.6.1-4ubuntu0.2",
            "binary_name": "python-crypto"
        },
        {
            "binary_version": "2.6.1-4ubuntu0.2",
            "binary_name": "python3-crypto"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map 
{
    "ecosystem": "Ubuntu:14.04:LTS",
    "cves": [
        {
            "id": "CVE-2013-7459",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}
source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3199-2.json"

Ubuntu:16.04:LTS / python-crypto

Package

Name
python-crypto
Purl
pkg:deb/ubuntu/python-crypto@2.6.1-6ubuntu0.16.04.2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.1-6ubuntu0.16.04.2

Affected versions

2.*
2.6.1-5build1
2.6.1-6
2.6.1-6build1
2.6.1-6ubuntu0.16.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "2.6.1-6ubuntu0.16.04.2",
            "binary_name": "python-crypto"
        },
        {
            "binary_version": "2.6.1-6ubuntu0.16.04.2",
            "binary_name": "python3-crypto"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map 
{
    "ecosystem": "Ubuntu:16.04:LTS",
    "cves": [
        {
            "id": "CVE-2013-7459",
            "severity": [
                {
                    "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ]
}
source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3199-2.json"