SUSE-SU-2025:01818-1

Опубликовано: 05 июн. 2025

Источник: suse-cvrf

Описание

Security update for python-cryptography

This update for python-cryptography fixes the following issues:

CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some(...) value passed as properties argument to either function (bsc#1242631).

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15 SP4

python311-cryptography-41.0.3-150400.16.22.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202501818-1/
Link for SUSE-SU-2025:01818-1
https://lists.suse.com/pipermail/sle-updates/2025-June/040156.html
E-Mail link for SUSE-SU-2025:01818-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242631
SUSE Bug 1242631
https://www.suse.com/security/cve/CVE-2025-3416/
SUSE CVE CVE-2025-3416 page

Описание

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-cryptography-41.0.3-150400.16.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-3416.html
CVE-2025-3416
https://bugzilla.suse.com/1242599
SUSE Bug 1242599

SUSE-SU-2025:01818-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15 SP4

Ссылки

Уязвимость: CVE-2025-3416

Описание

Затронутые продукты

Ссылки