SUSE-SU-2020:3592-1

Опубликовано: 02 дек. 2020

Источник: suse-cvrf

Описание

Security update for python-cryptography

This update for python-cryptography fixes the following issues:

CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).

Список пакетов

Container ses/7.1/cephcsi/cephcsi:latest

python3-cryptography-2.8-3.3.1

Container ses/7.1/rook/ceph:latest

python3-cryptography-2.8-3.3.1

Container ses/7/cephcsi/cephcsi:latest

python3-cryptography-2.8-3.3.1

Container ses/7/rook/ceph:latest

python3-cryptography-2.8-3.3.1

Container suse/sles/15.3/virt-launcher:0.45.0

python3-cryptography-2.8-3.3.1

Container suse/sles/15.4/virt-launcher:0.49.0

python3-cryptography-2.8-3.3.1

Container trento/trento-runner:latest

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Azure-Basic

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Azure-Standard

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-CHOST-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-CHOST-BYOS-EC2

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-EC2-ECS-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-HPC-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-HPC-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP2-SAP-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-CHOST-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-CHOST-BYOS-EC2

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-CHOST-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-EC2-ECS-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-EC2-HVM

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-HPC-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-HPC-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-HPC-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-Micro-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-Azure

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-BYOS-Azure

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-BYOS-GCE

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-EC2-HVM

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAP-GCE

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAPCAL-Azure

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAPCAL-EC2-HVM

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

Image SLES15-SP3-SAPCAL-GCE

python2-cryptography-2.8-3.3.1

python3-cryptography-2.8-3.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

python3-cryptography-2.8-3.3.1

SUSE Linux Enterprise Module for Python 2 15 SP2

python2-cryptography-2.8-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203592-1/
Link for SUSE-SU-2020:3592-1
https://lists.suse.com/pipermail/sle-security-updates/2020-December/007905.html
E-Mail link for SUSE-SU-2020:3592-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1178168
SUSE Bug 1178168
https://www.suse.com/security/cve/CVE-2020-25659/
SUSE CVE CVE-2020-25659 page

Описание

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Затронутые продукты

Container ses/7.1/cephcsi/cephcsi:latest:python3-cryptography-2.8-3.3.1

Container ses/7.1/rook/ceph:latest:python3-cryptography-2.8-3.3.1

Container ses/7/cephcsi/cephcsi:latest:python3-cryptography-2.8-3.3.1

Container ses/7/rook/ceph:latest:python3-cryptography-2.8-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-25659.html
CVE-2020-25659
https://bugzilla.suse.com/1178168
SUSE Bug 1178168
https://bugzilla.suse.com/1183152
SUSE Bug 1183152
https://bugzilla.suse.com/1218043
SUSE Bug 1218043