Oracle Linux: ELSA-2024-12079
History: Jan 18, 2024 - 12:00 a.m.

python-cryptography security update

linux.oracle.com

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 25.1%)

[36.0.1-4.0.1]

  • Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36119159]

[36.0.1-4]

  • Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840

[36.0.1-3]

  • Fix CVE-2023-23931: Don’t allow update_into to mutate immutable objects, resolves rhbz#2172399
  • Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt
