漏洞类别:Fedora
漏洞等级: 
漏洞信息
Fedora has released security update for python-jwcrypto to fix the vulnerability.
Affected OS:
Fedora 24
Fedora 25
Fedora 23
漏洞危害
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
解决方案
Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.
Refer to the following Fedora security advisories :Fedora 24 Update Fedora 25 Update Fedora 23 Update for more information about the vulnerability and obtaining patches.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
FEDORA-2016-7b4a60ae66: Fedora 24
0day
文章评论