Описание
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-cryptography | fixed | 42.0.5-1 | package | |
| python-cryptography | ignored | bookworm | package | |
| python-cryptography | ignored | bullseye | package | |
| python-cryptography | no-dsa | buster | package |
Примечания
https://github.com/pyca/cryptography/issues/9785
https://people.redhat.com/~hkario/marvin/
https://github.com/openssl/openssl/pull/13817
CVE is for incomplete fix of CVE-2020-25659
The fix relies on OpenSSL 3.2, marking the first 42.x upload to unstable as fixed,
openssl 3.2 was uploaded to unstable shortly after
EPSS
Связанные уязвимости
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
EPSS