openSUSE 16 Security Update : python-pyOpenSSL (openSUSE-SU-2026:20419-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20419-1 advisory. - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to ...

Security update for python-pyOpenSSL (important)

openSUSE security update: security update for python-pyopenssl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20419-1 Rating: important References: bsc1259804 bsc1259808 Cross-References: CVE-2026-27448 CVE-2026-27459 CVSS scores: CVE-2026-27448 SU...

OESA-2026-1733 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

OESA-2026-1729 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

Fedora: Security Advisory (FEDORA-2026-9d5b9f45ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : kryoptic / pyOpenSSL / python-cryptography / rust-asn1 / etc (2026-9d5b9f45ec)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-9d5b9f45ec advisory. - Update pyOpenSSL to v26.0.0 security update - Update python-cryptography to v46.0.5 dependency of pyOpenSSL 26 - Update rust-asn1 to 0.22 dependency of...

CVE-2026-27448 affecting package pyOpenSSL for versions less than 24.2.1-2

CVE-2026-27448 affecting package pyOpenSSL for versions less than 24.2.1-2. A patched version of the package is available...

CVE-2026-27459 affecting package pyOpenSSL for versions less than 24.2.1-2

CVE-2026-27459 affecting package pyOpenSSL for versions less than 24.2.1-2. A patched version of the package is available...

SUSE-SU-2026:20930-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : pyOpenSSL vulnerabilities (USN-8115-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8115-1 advisory. It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections...

Ubuntu: Security Advisory (USN-8115-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8115-1 pyopenssl vulnerabilities

It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections being accepted after an exception, contrary to expectations. CVE-2026-27448 It was discovered that pyOpenSSL incorrectly handled the DTLS cookie generation callback. ...

Buffer Overflow

pyOpenSSL is vulnerable to Buffer Overflow. The vulnerability is due to improper bounds checking in setcookiegeneratecallback, where cookie values exceeding 256 bytes can overflow an OpenSSL buffer, potentially leading to memory corruption...

SUSE CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

SUSE CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

CVE-2026-27459

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

CVE-2026-27448

A flaw was found in pyOpenSSL. The settlsextservernamecallback callback function can be used to implement Server Name Indication SNI during the TLS handshake. When the callback raises an unhandled exception, the handshake incorrectly proceeds instead of terminating. This fail-open behavior can...

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

Linux Distros Unpatched Vulnerability : CVE-2026-27448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to...