python-cryptography-36.0.1-4.el9
Errata ID: AXSA:2023-6725:03
Release date:
2023/12/07 Thursday - 12:03
Title:
python-cryptography-36.0.1-4.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
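The following issue has been addressed.
[Security Fix]
- The Cipher.update_into() function in python-cryptography accepts
objects that provide only immutable buffers, which results in a
vulnerability that allows a remote attacker to corrupt output and
cause a denial of service (crash). (CVE-2023-23931)
Solution:
Update the package.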
CVE:
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
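A caller-side guard that rejects read-only output buffers before they reach `update_into`, whatever package version is installed. This is an added example, not code from the advisory or from the cryptography project; `require_writable`, `guarded_update_into` and the stub context are hypothetical names, and the 16-byte default block size assumes AES.

```python
"""Guard for update_into() output buffers (added example, not project code)."""


def require_writable(buf, data_len, block_size_bytes):
    """Return a writable memoryview of buf, or raise if it is unsuitable.

    update_into() needs at least len(data) + block_size - 1 bytes of output.
    """
    view = memoryview(buf)          # TypeError if buf has no buffer protocol
    if view.readonly:
        # bytes, read-only memoryviews and similar objects all end up here
        raise TypeError(f"{type(buf).__name__} is read-only; use bytearray")
    needed = data_len + block_size_bytes - 1
    if view.nbytes < needed:
        raise ValueError(f"buffer too small: {view.nbytes} < {needed}")
    return view


def guarded_update_into(ctx, data, buf, block_size_bytes=16):
    """Check buf first, then delegate to ctx.update_into(data, buf).

    block_size_bytes=16 is an assumption (AES); pass the real block size.
    """
    require_writable(buf, len(data), block_size_bytes)
    return ctx.update_into(data, buf)


class _StubContext:
    """Constructed stand-in for a cipher context so the example runs offline.
    It copies input to output unchanged; it is NOT a cipher."""

    def update_into(self, data, buf):
        memoryview(buf)[:len(data)] = data
        return len(data)


def demo():
    """Run the guard over constructed buffers; return the outcome per label."""
    ctx, data = _StubContext(), b"A" * 16
    results = {}
    for label, buf in [("bytearray", bytearray(31)),
                       ("bytes", bytes(31)),
                       ("readonly_view", memoryview(bytearray(31)).toreadonly()),
                       ("short", bytearray(16))]:
        try:
            results[label] = guarded_update_into(ctx, data, buf)
        except (TypeError, ValueError) as exc:
            results[label] = type(exc).__name__
    return results
```

With a real cipher context, pass the encryptor or decryptor object as `ctx` in place of the stub.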
Additional information:
N/A
Download:
SRPMS
- python-cryptography-36.0.1-4.el9.src.rpm
MD5: 87ccd9ee1967da051147a19a0aa1140a
SHA-256: 10ab1caf33baeba9822bb1ec9ceb31ddf604c561b853e94fd4fdc6fa4b27cf4f
Size: 40.39 MB
Asianux Server 9 for x86_64
- python3-cryptography-36.0.1-4.el9.x86_64.rpm
MD5: 76e90ee09cbde3d56f4cfe2656957eaf
SHA-256: 0bd4c7388ce2dc54fc8b437b1ef4344cd19e2e152a55d5fd7f0747c39811fcb4
Size: 1.16 MB