python-cryptography-36.0.1-5.el9_6
Errata ID: AXSA:2025-10863:02
Release date:
2025/09/19 Friday - 12:19
Title:
python-cryptography-36.0.1-5.el9_6
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The load_pem_pkcs7_certificates() and load_der_pkcs7_certificates()
functions in python-cryptography contain a NULL pointer dereference
issue, which allows a remote attacker to cause a denial of service
via deserialization of PKCS7-format data or certificates.
(CVE-2023-49083)
Solution:
Update the packages.
CVE:
CVE-2023-49083
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
Additional information:
N/A
Downloads:
SRPMS
- python-cryptography-36.0.1-5.el9_6.src.rpm
MD5: d96f0e24e24805b54a0846d12ab32a82
SHA-256: 1163b2e61c440d9ad1866b96ab8f2de4b5a36e76749969e2280c1fab1fed1538
Size: 40.39 MB
Asianux Server 9 for x86_64
- python3-cryptography-36.0.1-5.el9_6.x86_64.rpm
MD5: 184837e5481aa7b461b39035ae3e1abd
SHA-256: 231089720f70ceca798a70669a8676e087a3442a67c74a4b35e57abadc1e9188
Size: 1.24 MB