Description
ELSA-2025-7317: python3.12-cryptography security update (MODERATE)
[41.0.7-2]
- Security fix for CVE-2025-24898 in the bundled openssl crate
  Resolves: RHEL-77735
[41.0.7-1]
- Update to 41.0.7, fixes CVE-2023-49083
[41.0.5-2]
- Rebuilt for timestamp .pyc invalidation mode
[41.0.5-1]
- Initial package
- Fedora contributions by: Alfredo Moralejo amoralej@redhat.com Benjamin A. Beasley code@musicinmybrain.net Charalampos Stratakis cstratak@redhat.com Christian Heimes christian@python.org Colin Walters walters@verbum.org Dennis Gilmore dennis@ausil.us Fabio Valentini decathorpe@gmail.com Felix Schwarz felix.schwarz@oss.schwarz.eu Haikel Guemar hguemar@fedoraproject.org Igor Gnatenko ignatenkobrain@fedoraproject.org Iryna Shcherbina shcherbina.iryna@gmail.com Lumir Balhar lbalhar@redhat.com Matej Cepl mcepl@cepl.eu Miro Hroncok miro@hroncok.cz Nathaniel McCallum npmccallum@redhat.com Randy Barlow randy@electronsweatshop.com Robert Kuska rkuska@redhat.com Sahana Prasad sahana@redhat.com Stephen Gallagher sgallagh@redhat.com Troy Dawson tdawson@redhat.com Yaakov Selkowitz yselkowi@redhat.com
Updated packages
Oracle Linux 9
Oracle Linux aarch64: python3.12-cryptography 41.0.7-2.el9
Oracle Linux x86_64: python3.12-cryptography 41.0.7-2.el9
Related CVEs
Related vulnerabilities
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `server` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate `openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.
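The lifetime constraint described above, as an added example in safe Rust. It is not code from the `openssl` crate or from this advisory. `select_proto`, `parse_protos`, `alpn_callback` and `SERVER_PROTOS` are hypothetical names, and the protocol lists are constructed samples.

```rust
// Added illustration: `select_proto` is a hypothetical stand-in, not the openssl crate's code.
// Both inputs use the ALPN wire format: a length byte followed by that many name bytes.

/// Split a wire-format protocol list into its entries; None if malformed.
fn parse_protos(mut buf: &[u8]) -> Option<Vec<&[u8]>> {
    let mut out = Vec::new();
    while let Some((&len, rest)) = buf.split_first() {
        let len = len as usize;
        if len == 0 || rest.len() < len {
            return None; // empty name or truncated entry
        }
        let (name, tail) = rest.split_at(len);
        out.push(name);
        buf = tail;
    }
    Some(out)
}

/// Fixed shape: the result borrows from BOTH inputs ('a on server and client),
/// so the borrow checker requires both buffers to outlive the returned slice.
/// The pre-fix shape described above bound the result to `client` only, while
/// the returned slice could point into `server`.
fn select_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
    let client_protos = parse_protos(client)?;
    // Server preference order; the returned slice points into `server`.
    parse_protos(server)?
        .into_iter()
        .find(|s| client_protos.iter().any(|c| c == s))
}

/// Safe callback pattern: the server list lives outside the callback
/// (here a static), so it outlives any slice handed back.
static SERVER_PROTOS: &[u8] = b"\x02h2\x08http/1.1";

fn alpn_callback<'a>(client: &'a [u8]) -> Option<&'a [u8]> {
    // Affected pattern, rejected at compile time with the fixed shape because
    // the result would borrow a local that is dropped on return:
    //   let server = b"\x02h2".to_vec();   // built inside the callback
    //   select_proto(&server, client)
    select_proto(SERVER_PROTOS, client)
}

fn main() {
    let client = b"\x08http/1.1\x02h2"; // constructed sample client ALPN list
    println!("{:?}", alpn_callback(client).map(String::from_utf8_lossy));
}
```

When auditing callers, look for a server protocol list built as a local `Vec` or array inside the closure passed to `SslContextBuilder::set_alpn_select_callback`; that is the pattern the description identifies as affected.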