
ELSA-2021-1608

Published: 25 May 2021
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2021-1608: python-cryptography security, bug fix, and enhancement update (MODERATE)

[3.2.1-4]

  • CVE-2020-36242: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows.
  • Resolves: rhbz#1926528

[3.2.1-3]

  • Conflict with non-matching vector package

[3.2.1-2]

  • Re-add remove NPN bindings, required for pyOpenSSL
  • Resolves: rhbz#1907429

[3.2.1-1]

  • Rebase to upstream release 3.2.1
  • Resolves: rhbz#1873581
  • Resolves: rhbz#1778939
  • Removed dependencies on python-asn1crypto, python-idna

Updated packages

Oracle Linux 8

Oracle Linux aarch64

python3-cryptography

3.2.1-4.el8

Oracle Linux x86_64

python3-cryptography

3.2.1-4.el8

Related CVEs

Related vulnerabilities

suse-cvrf
more than 2 years ago

Security update for python-cryptography, python-cryptography-vectors

suse-cvrf
almost 2 years ago

Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets

suse-cvrf
about 2 years ago

Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets

CVSS3: 5.9
ubuntu
more than 4 years ago

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVSS3: 5.9
redhat
more than 4 years ago

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.