python-cryptography-3.2.1-4.el8
エラータID: AXSA:2021-2026:02
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
The following packages have been upgraded to a later upstream version: python-cryptography (3.2.1).
Security Fix(es):
* python-cryptography: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25659)
* python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow and lead to buffer overflows (CVE-2020-36242)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-25659
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
CVE-2020-36242
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
Update packages.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
N/A
SRPMS
- python-cryptography-3.2.1-4.el8.src.rpm
MD5: 32713558ee6623cc351d57c47645f13a
SHA-256: 6344b8135879142313e182c72d7fdb95630aa49493c3c2a807d3b9655da4812a
Size: 550.79 kB
Asianux Server 8 for x86_64
- python3-cryptography-3.2.1-4.el8.x86_64.rpm
MD5: 65ddc664af94348fb5e3dc01096759d0
SHA-256: 1efb0f1187c77b2937a3bdf2b1eb95745cdec7eec6497384083d80cec7a95486
Size: 557.81 kB