python-cryptography-36.0.1-4.el9

Errata ID: AXSA:2023-6725:03

Release date: Thursday, December 7, 2023 - 12:03
Subject: python-cryptography-36.0.1-4.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

The python-cryptography packages contain the Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.

Security Fix(es):

* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
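
A defensive wrapper for code that may still run against an unpatched build, added here as an example (not code from this advisory or from the cryptography project): it rejects read-only output buffers before `update_into` is called. `require_writable`, `safe_update_into` and `StandInContext` are hypothetical names; the stand-in context only copies bytes and performs no encryption, and the `len(data) + block_size - 1` sizing follows the library's documented requirement for `update_into`.

```python
"""Guard for update_into output buffers (added example, stdlib only)."""


def require_writable(buf, needed):
    """Reject output buffers that update_into must never write to.

    needed is the minimum size in bytes; for update_into the library
    documents it as len(data) + block_size - 1.
    """
    view = memoryview(buf)  # TypeError if buf lacks the buffer protocol
    if view.readonly:
        # bytes, memoryview(bytes) and other immutable objects end up here
        raise BufferError(f"{type(buf).__name__} exposes a read-only buffer")
    if not view.c_contiguous:
        raise BufferError("output buffer must be C-contiguous")
    if view.nbytes < needed:
        raise ValueError(f"buffer has {view.nbytes} bytes, need {needed}")
    return view


def safe_update_into(ctx, data, buf, block_size_bytes):
    """Call ctx.update_into(data, buf) only after the buffer checks pass."""
    require_writable(buf, len(data) + block_size_bytes - 1)
    return ctx.update_into(data, buf)


class StandInContext:
    """Constructed stand-in for a cipher context: copies input, no crypto."""

    def update_into(self, data, buf):
        memoryview(buf)[: len(data)] = data
        return len(data)


def demo():
    """Run the guard over constructed buffers; map each to result or error."""
    ctx, data = StandInContext(), b"sixteen byte msg"
    results = {}
    for name, buf in [("bytearray", bytearray(31)), ("bytes", bytes(31)),
                      ("memoryview(bytes)", memoryview(bytes(31))),
                      ("short bytearray", bytearray(8))]:
        try:
            results[name] = safe_update_into(ctx, data, buf, 16)
        except (BufferError, ValueError) as exc:
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    print(demo())
```

With a real cipher context, pass the cipher's block size in bytes (16 for AES) as `block_size_bytes` and keep the output in a `bytearray`.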

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-cryptography-36.0.1-4.el9.src.rpm
    MD5: 87ccd9ee1967da051147a19a0aa1140a
    SHA-256: 10ab1caf33baeba9822bb1ec9ceb31ddf604c561b853e94fd4fdc6fa4b27cf4f
    Size: 40.39 MB

Asianux Server 9 for x86_64
  1. python3-cryptography-36.0.1-4.el9.x86_64.rpm
    MD5: 76e90ee09cbde3d56f4cfe2656957eaf
    SHA-256: 0bd4c7388ce2dc54fc8b437b1ef4344cd19e2e152a55d5fd7f0747c39811fcb4
    Size: 1.16 MB