exploitDog

SUSE-SU-2023:0604-1

Опубликовано: 02 мар. 2023

Источник: suse-cvrf

Описание

Security update for python-cryptography, python-cryptography-vectors

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066).
CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168).
update to 3.3.2 (bsc#1198331)

Список пакетов

Container ses/7.1/cephcsi/cephcsi:latest

python3-cryptography-3.3.2-150200.16.1

Container ses/7.1/rook/ceph:latest

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-HPC-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-SAP-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-CHOST-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-CHOST-BYOS-EC2

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-CHOST-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-HPC-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-HPC-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAP-BYOS-Azure

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAP-BYOS-GCE

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAPCAL-Azure

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAPCAL-EC2-HVM

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP3-SAPCAL-GCE

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

SUSE Enterprise Storage 7

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

SUSE Enterprise Storage 7.1

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Micro 5.1

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Micro 5.2

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Real Time 15 SP3

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Server 15 SP2-LTSS

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Server 15 SP3-LTSS

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

python3-cryptography-3.3.2-150200.16.1

SUSE Manager Proxy 4.2

python3-cryptography-3.3.2-150200.16.1

SUSE Manager Server 4.2

python2-cryptography-3.3.2-150200.16.1

python3-cryptography-3.3.2-150200.16.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230604-1/
Link for SUSE-SU-2023:0604-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/013960.html
E-Mail link for SUSE-SU-2023:0604-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1178168
SUSE Bug 1178168
https://bugzilla.suse.com/1182066
SUSE Bug 1182066
https://bugzilla.suse.com/1198331
SUSE Bug 1198331
https://bugzilla.suse.com/1199282
SUSE Bug 1199282
https://www.suse.com/security/cve/CVE-2020-25659/
SUSE CVE CVE-2020-25659 page
https://www.suse.com/security/cve/CVE-2020-36242/
SUSE CVE CVE-2020-36242 page

Описание

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Затронутые продукты

Container ses/7.1/cephcsi/cephcsi:latest:python3-cryptography-3.3.2-150200.16.1

Container ses/7.1/rook/ceph:latest:python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-HPC-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-25659.html
CVE-2020-25659
https://bugzilla.suse.com/1178168
SUSE Bug 1178168
https://bugzilla.suse.com/1183152
SUSE Bug 1183152
https://bugzilla.suse.com/1218043
SUSE Bug 1218043

Описание

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

Затронутые продукты

Container ses/7.1/cephcsi/cephcsi:latest:python3-cryptography-3.3.2-150200.16.1

Container ses/7.1/rook/ceph:latest:python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1

Image SLES15-SP2-HPC-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-36242.html
CVE-2020-36242
https://bugzilla.suse.com/1182066
SUSE Bug 1182066

Уязвимость SUSE-SU-2023:0604-1