Skip to navigation

Bug Fix Advisory m2crypto bug fix update

Advisory: RHBA-2011:1058-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-07-21
Last updated on: 2011-07-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

An updated m2crypto package that fixes various bugs is now available for Red Hat
Enterprise Linux 5.

m2crypto allows OpenSSL functions to be called from Python scripts.

This updated m2crypto package includes fixes for the following bugs:

* Prior to this update, the AES_crypt() function did not free a temporary
buffer. This caused a memory leak when the function was called repeatedly. This
problem has been fixed and the AES_crypt() function now frees memory correctly.
(BZ#659881)

* Previously, calling the m.2asn1_INTEGER_get() function resulted in an
incorrect numerical value for the serial number due to a data type mismatch. As
a consequence, the subscription-manager application displayed an error message
about the serial number being less than zero. Serial numbers are now handled
correctly and no error message appears. (BZ#703648)

All users of m2crypto are advised to upgrade to this updated package, which
resolves these bugs.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
m2crypto-0.16-8.el5.src.rpm
File outdated by:  RHBA-2013:0020
    MD5: f20cec8f5a1c99968346c9d4cd27d7e9
SHA-256: 1e38804a28f2e89b8a18102ad388f84c3dec3226592fc3e3b3571846efd6121d
 
IA-32:
m2crypto-0.16-8.el5.i386.rpm
File outdated by:  RHBA-2013:0020
    MD5: 81fa38330f5de68f4d8a43fc91f123f3
SHA-256: a4b2427d622b0431d046a371cc89902293e31ef10f570c752c2dcbfd3441106b
 
IA-64:
m2crypto-0.16-8.el5.ia64.rpm
File outdated by:  RHBA-2013:0020
    MD5: 2e654d36f5761f13424d7e6cc96ff440
SHA-256: 2592ea129251b6b8af3ed5b5cdcc23ccc6047b49dee3f78ea162ebeb8a4dfb94
 
PPC:
m2crypto-0.16-8.el5.ppc.rpm
File outdated by:  RHBA-2013:0020
    MD5: c5cb59d737aedfb701c20f01dff53b5c
SHA-256: 2ad894525b792017d97724399bbf1e35c5ea75a222bdfdcc2671c34067ee165e
 
s390x:
m2crypto-0.16-8.el5.s390x.rpm
File outdated by:  RHBA-2013:0020
    MD5: 2a0f8a22776c6470e59ff6047ef4f282
SHA-256: bcec0766ca552954435e6d6611e29446ed11b8bc5ee9bfb32e2a0b4a00952b52
 
x86_64:
m2crypto-0.16-8.el5.x86_64.rpm
File outdated by:  RHBA-2013:0020
    MD5: 181047a9831914b06257520e46c89304
SHA-256: 00a02517da6355afcf184535cb8616dfdecd51640dd51014dfb826594e769e9e
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
m2crypto-0.16-8.el5.src.rpm
File outdated by:  RHBA-2013:0020
    MD5: f20cec8f5a1c99968346c9d4cd27d7e9
SHA-256: 1e38804a28f2e89b8a18102ad388f84c3dec3226592fc3e3b3571846efd6121d
 
IA-32:
m2crypto-0.16-8.el5.i386.rpm
File outdated by:  RHBA-2013:0020
    MD5: 81fa38330f5de68f4d8a43fc91f123f3
SHA-256: a4b2427d622b0431d046a371cc89902293e31ef10f570c752c2dcbfd3441106b
 
x86_64:
m2crypto-0.16-8.el5.x86_64.rpm
File outdated by:  RHBA-2013:0020
    MD5: 181047a9831914b06257520e46c89304
SHA-256: 00a02517da6355afcf184535cb8616dfdecd51640dd51014dfb826594e769e9e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

659881 - Memory leak in m2crypto-0.16/SWIG/_aes.i: AES_crypt
703648 - x509 certs can not have serial numbers larger than python int



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/