Описание
ELSA-2024-12078: python3.11-cryptography security update (IMPORTANT)
[37.0.2-5.0.1]
- Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834]
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
python3.11-cryptography
37.0.2-5.0.1.el8
Oracle Linux x86_64
python3.11-cryptography
37.0.2-5.0.1.el8
Oracle Linux 9
Oracle Linux aarch64
python3.11-cryptography
37.0.2-5.0.1.el9
Oracle Linux x86_64
python3.11-cryptography
37.0.2-5.0.1.el9
Связанные CVE
Связанные уязвимости
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
cryptography is a package designed to expose cryptographic primitives ...