Описание
Security update for python-cryptography
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).
Список пакетов
Container ses/7.1/cephcsi/cephcsi:latest
python3-cryptography-3.3.2-150200.19.1
Container ses/7.1/rook/ceph:latest
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-SAP-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-CHOST-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-CHOST-BYOS-EC2
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-CHOST-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-HPC-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python2-cryptography-3.3.2-150200.19.1
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python2-cryptography-3.3.2-150200.19.1
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python2-cryptography-3.3.2-150200.19.1
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAP-BYOS-GCE
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAPCAL-Azure
python2-cryptography-3.3.2-150200.19.1
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAPCAL-EC2-HVM
python2-cryptography-3.3.2-150200.19.1
python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP3-SAPCAL-GCE
python2-cryptography-3.3.2-150200.19.1
python3-cryptography-3.3.2-150200.19.1
SUSE Linux Enterprise Micro 5.1
python3-cryptography-3.3.2-150200.19.1
SUSE Linux Enterprise Micro 5.2
python3-cryptography-3.3.2-150200.19.1
SUSE Linux Enterprise Real Time 15 SP3
python3-cryptography-3.3.2-150200.19.1
Ссылки
- Link for SUSE-SU-2023:1763-1
- E-Mail link for SUSE-SU-2023:1763-1
- SUSE Security Ratings
- SUSE Bug 1208036
- SUSE CVE CVE-2023-23931 page
Описание
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:python3-cryptography-3.3.2-150200.19.1
Container ses/7.1/rook/ceph:latest:python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-BYOS-Azure:python3-cryptography-3.3.2-150200.19.1
Image SLES15-SP2-HPC-BYOS-Azure:python3-cryptography-3.3.2-150200.19.1
Ссылки
- CVE-2023-23931
- SUSE Bug 1208036