python-cryptography-3.2.1-6.el8
エラータID: AXSA:2023-7257:04
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
Security Fix(es):
* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
Update packages.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
N/A
SRPMS
- python-cryptography-3.2.1-6.el8.src.rpm
MD5: 434d6a15650f0a136c9cb852bddc3628
SHA-256: 92c3e8ce805d4fc23f2c8bb3fb95668bc8fdb7f26e68c594b16db7b3cc91bc48
Size: 551.80 kB
Asianux Server 8 for x86_64
- python3-cryptography-3.2.1-6.el8.x86_64.rpm
MD5: d5e5c5493bc8daed0ce6c5f650cad6e0
SHA-256: 254cc06e2d6bc748aa215a7f7d2180e140d129024bf6982b391a2a673c4d5d88
Size: 557.76 kB
日本語