python-cryptography-3.2.1-6.el8
Errata ID: AXSA:2023-7257:04
Release date:
2023/12/25 Monday - 12:20
Title:
python-cryptography-3.2.1-6.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following items have been addressed.
[Security Fix]
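- The Cipher.update_into() function in python-cryptography has an
issue in which it returns only buffers marked as immutable, and as a
result a vulnerability exists that allows a remote attacker to
corrupt output and cause a denial of service (crash).
(CVE-2023-23931)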
Solution:
Update the package.
CVE:
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
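The check the CVE description says was missing can also be enforced at the call site. The following is an added example, not code from this advisory or from the cryptography project: a wrapper that refuses read-only or undersized output buffers before delegating to `update_into`. The names `writable_view` and `checked_update_into` are hypothetical, and the 16-byte default block size assumes AES.

```python
"""Added example: reject read-only output buffers before update_into()."""


def writable_view(buf, needed):
    """Return a writable view of buf, or raise if it is unusable as output.

    needed: minimum size in bytes. The cryptography docs give this as
    len(data) + block_size - 1 for update_into().
    """
    view = memoryview(buf)  # TypeError if buf lacks the buffer protocol
    if view.readonly:       # bytes, memoryview(bytes), read-only mmap, ...
        raise BufferError("read-only output buffer: " + type(buf).__name__)
    if view.nbytes < needed:
        raise ValueError("output buffer too small: %d < %d" % (view.nbytes, needed))
    return view


def checked_update_into(ctx, data, buf, block_size=16):
    """Delegate to ctx.update_into(data, buf) only if buf passes the checks.

    ctx is any cipher context exposing update_into(); block_size is in bytes
    (16 is the AES block size, an assumption of this example).
    """
    writable_view(buf, len(data) + block_size - 1)
    return ctx.update_into(data, buf)


if __name__ == "__main__":
    try:
        from cryptography.hazmat.backends import default_backend
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    except ImportError:
        raise SystemExit("cryptography is not installed")
    key = nonce = bytes(16)  # constructed all-zero demo values, not for real use
    enc = Cipher(algorithms.AES(key), modes.CTR(nonce), default_backend()).encryptor()
    out = bytearray(32 + 15)
    n = checked_update_into(enc, bytes(32), out)
    print("wrote", n, "bytes:", out[:n].hex())
    try:
        checked_update_into(enc, bytes(32), bytes(32 + 15))
    except BufferError as exc:
        print("rejected:", exc)
```

The wrapper is defense in depth for hosts that cannot be updated immediately; the errata package remains the actual fix.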
Additional information:
N/A
Downloads:
SRPMS
- python-cryptography-3.2.1-6.el8.src.rpm
MD5: 434d6a15650f0a136c9cb852bddc3628
SHA-256: 92c3e8ce805d4fc23f2c8bb3fb95668bc8fdb7f26e68c594b16db7b3cc91bc48
Size: 551.80 kB
Asianux Server 8 for x86_64
- python3-cryptography-3.2.1-6.el8.x86_64.rpm
MD5: d5e5c5493bc8daed0ce6c5f650cad6e0
SHA-256: 254cc06e2d6bc748aa215a7f7d2180e140d129024bf6982b391a2a673c4d5d88
Size: 557.76 kB