python3.11-cryptography-37.0.2-6.el8
エラータID: AXSA:2024-8275:02
リリース日:
2024/06/15 Saturday - 08:52
題名:
python3.11-cryptography-37.0.2-6.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- python-cryptography の load_pem_pkcs7_certificates() 関数
および load_der_pkcs7_certificates() 関数には、NULL ポインタ
デリファレンスの問題があるため、リモートの攻撃者により、
PKCS7 形式のデータもしくは証明書の逆シリアル化処理を
介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-49083)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-49083
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-cryptography-37.0.2-6.el8.src.rpm
MD5: e4f9d18c423edba8ef40a743049e46d2
SHA-256: e59d424df81f68f0794a87473d7ae7ac6d9a382bff475de7cacae51aa5987d8e
Size: 40.08 MB
Asianux Server 8 for x86_64
- python3.11-cryptography-37.0.2-6.el8.x86_64.rpm
MD5: 1bb423855a0455e11feef93bb6c8de26
SHA-256: edb0377733477b1da0eac6b04b2c0e3739d8ceced96d6eca1a2dbd49f4813398
Size: 1.12 MB
English