python-cryptography-3.2.1-8.el8_10
Errata ID: AXSA:2025-10797:01
Release date:
2025/09/01 Monday - 18:44
Title:
python-cryptography-3.2.1-8.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The load_pem_pkcs7_certificates() and load_der_pkcs7_certificates()
functions in python-cryptography contain a NULL pointer dereference
issue, which allows a remote attacker to cause a denial of service
through deserialization of PKCS7-format data or certificates.
(CVE-2023-49083)
Solution:
Update the packages.
CVE:
CVE-2023-49083
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
Additional information:
N/A
Downloads:
SRPMS
- python-cryptography-3.2.1-8.el8_10.src.rpm
MD5: 54eb21d33f358d0fcf1e72dc316252c6
SHA-256: 0fd85f09b055a15505cc100b8dc7df072460904ce2dc5224b3b1101f9c3493ee
Size: 553.22 kB
Asianux Server 8 for x86_64
- python3-cryptography-3.2.1-8.el8_10.x86_64.rpm
MD5: fedf1efbfaad037750ba0a2130ec039f
SHA-256: 78ed41d834f9c3905329b0ee2ef22185923c749264697cfce3e1bac6670ebc13
Size: 558.18 kB