Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4842-1

Опубликовано: 14 дек. 2023
Источник: suse-cvrf

Описание

Security update for python-cryptography

This update for python-cryptography fixes the following issues:

  • CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

Список пакетов

Image SLES15-SP4-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-HPC-BYOS
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-HPC-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-HPC-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-HPC-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-Hardened-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-Hardened-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-Hardened
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-Hardened-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-Hardened-BYOS
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAPCAL
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAPCAL-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-SAPCAL-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Azure-3P
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Azure-Basic
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Azure-Standard
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-HPC-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-HPC-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-HPC-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Hardened-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Hardened-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAP-Azure-3P
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAP-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAP-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAP-Hardened-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAPCAL-Azure
python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP5-SAPCAL-EC2
python311-cryptography-41.0.3-150400.16.12.1
SUSE Linux Enterprise Module for Python 3 15 SP4
python311-cryptography-41.0.3-150400.16.12.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-cryptography-41.0.3-150400.16.12.1
openSUSE Leap 15.4
python311-cryptography-41.0.3-150400.16.12.1
openSUSE Leap 15.5
python311-cryptography-41.0.3-150400.16.12.1

Ссылки

Описание

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

Затронутые продукты
Image SLES15-SP4-BYOS-Azure:python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-BYOS-EC2:python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-HPC-BYOS-Azure:python311-cryptography-41.0.3-150400.16.12.1
Image SLES15-SP4-HPC-BYOS-EC2:python311-cryptography-41.0.3-150400.16.12.1
Ссылки
Уязвимость SUSE-SU-2023:4842-1