Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:1626-1

Опубликовано: 13 мая 2024
Источник: suse-cvrf

Описание

Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues:

  • CVE-2018-1000807: Fixed a use-after-free in X509 object handling (bsc#1111635)
  • CVE-2018-1000808: Fixed a use-after-free in PKCS #12 Store (bsc#1111634)

Список пакетов

Image SLES12-SP5-Azure-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-Basic-On-Demand
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-HPC-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-SAP-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-SAP-On-Demand
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-EC2-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-EC2-ECS-On-Demand
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-EC2-On-Demand
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-EC2-SAP-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-EC2-SAP-On-Demand
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-GCE-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-GCE-On-Demand
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-GCE-SAP-BYOS
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-GCE-SAP-On-Demand
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
python-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
python-pyOpenSSL-17.1.0-4.26.1
SUSE Linux Enterprise Server 12 SP5
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-pyOpenSSL-17.1.0-4.26.1
python3-pyOpenSSL-17.1.0-4.26.1

Ссылки

Описание

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:python-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-BYOS:python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-Basic-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-HPC-BYOS:python-pyOpenSSL-17.1.0-4.26.1
Ссылки

Описание

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:python-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-BYOS:python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-Basic-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1
Image SLES12-SP5-Azure-HPC-BYOS:python-pyOpenSSL-17.1.0-4.26.1
Ссылки