cryptography 安全漏洞

cryptography is a Python cryptographic authority open-source library. Versions of cryptography from 45.0.0 to 46.0.7 had security vulnerabilities; these vulnerabilities stemmed from improper buffer handling, which could lead to buffer overflows...

UBUNTU-CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package

Summary The Python cryptography package is used by IBM Cloud Pak for Data System to provide cryptographic functionality. CVE-2024-0727 affects the underlying OpenSSL library used by the cryptography package. Processing a maliciously formatted PKCS12 file may cause a NULL pointer dereference in...

[SECURITY] Fedora 43 Update: python-cryptography-46.0.6-1.fc43

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

[SECURITY] Fedora 44 Update: python-cryptography-46.0.6-1.fc44

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

Fedora 44 : python-cryptography (2026-2423902e8b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2423902e8b advisory. Update to v46.0.6 This includes a single fix for security issue: SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during...

Fedora 43 : python-cryptography (2026-6c010af7be)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6c010af7be advisory. Update to v46.0.6 This includes a single fix for security issue: SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during...

Fedora: Security Advisory (FEDORA-2026-6c010af7be)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ROOT-OS-DEBIAN-12-CVE-2026-26007 CVE-2026-26007 in rootio-python-cryptography - Patched by Root

Root has patched CVE-2026-26007 in the rootio-python-cryptography package for Root:Debian:12. Multiple fixed versions available...

OPENSUSE-SU-2026:10454-1 python311-cryptography-46.0.6-1.1 on GA media

These are all security issues fixed in the python311-cryptography-46.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

[SECURITY] Fedora 43 Update: python-cryptography-46.0.5-1.fc43

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

Fedora: Security Advisory (FEDORA-2026-9d5b9f45ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : kryoptic / pyOpenSSL / python-cryptography / rust-asn1 / etc (2026-9d5b9f45ec)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-9d5b9f45ec advisory. - Update pyOpenSSL to v26.0.0 security update - Update python-cryptography to v46.0.5 dependency of pyOpenSSL 26 - Update rust-asn1 to 0.22 dependency of...

OESA-2026-1672 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: This vulnerability exists in the pyca cryptography library due to missing subgroup validation for SECT curves. An attacker could exploit this to perform subgroup attacks,...

Ubuntu: Security Advisory (USN-8087-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8087-2 python-cryptography regression

USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-cryptography incorrectly handled...

USN-8087-2: python-cryptography regression

USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-cryptography incorrectly handled...

Ubuntu: Security Advisory (USN-8087-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : python-cryptography vulnerability (USN-8087-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8087-1 advisory. It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to...

USN-8087-1 python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...