python3.11-cryptography-37.0.2-6.el9
エラータID: AXSA:2024-7976:01
リリース日:
2024/05/30 Thursday - 15:52
題名:
python3.11-cryptography-37.0.2-6.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- python-cryptography の load_pem_pkcs7_certificates() 関数
および load_der_pkcs7_certificates() 関数には、NULL ポインタ
デリファレンスの問題があるため、リモートの攻撃者により、
PKCS7 形式のデータもしくは証明書の逆シリアル化処理を
介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-49083)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-49083
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-cryptography-37.0.2-6.el9.src.rpm
MD5: aea34627ea4e5978e2d91cf1bede7c3d
SHA-256: b01481cb8889133d0a9c0d4005aaab5774b0b25106852fc651f998abbf5a3942
Size: 40.08 MB
Asianux Server 9 for x86_64
- python3.11-cryptography-37.0.2-6.el9.x86_64.rpm
MD5: 41e665c41b96a7b8884615ab9e781bfb
SHA-256: 7cebacdbce90b29d8cdfd0902841c2b09156c0105e77714294a87b7e32b7ab57
Size: 1.10 MB