python3.12-cryptography-41.0.7-2.el9_6.1
エラータID: AXSA:2025-10844:02
リリース日:
2025/09/12 Friday - 14:03
題名:
python3.12-cryptography-41.0.7-2.el9_6.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- python-cryptography には、NULL ポインタデリファレンスの問題が
あるため、リモートの攻撃者により、サービス拒否攻撃 (クラッシュの
発生) を可能とする脆弱性が存在します。(CVE-2024-26130)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.12-cryptography-41.0.7-2.el9_6.1.src.rpm
MD5: 2452cd62c5493ffab42eed5e4033e381
SHA-256: a4c5c6a2cd0c4b1f37a9205c36bfe59fa9822ba1e45769b083b05b8df1593487
Size: 41.81 MB
Asianux Server 9 for x86_64
- python3.12-cryptography-41.0.7-2.el9_6.1.x86_64.rpm
MD5: 87475938c565e2e9b5ccc45f89a2d065
SHA-256: 94e2d366c977c27c9a6891c4b4b112aab8133bfe6666f09883e2ba6bbde3df5f
Size: 1.23 MB
English