593 matches found

PyPA
added 2020/11/12 2:15 p.m. · 4 views

PYSEC-2020-100

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

7.5 CVSS · 6.9 AI score · 0.00144 EPSS
Exploits 1 · References 3 · Affected Software 1
OpenVAS
added 2020/11/04 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-4613-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS · 6.2 AI score · 0.0076 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2020/11/04 12:0 a.m. · 41 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : python-cryptography vulnerability (USN-4613-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4613-1 advisory. Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expo...

5.9 CVSS · 7.1 AI score · 0.0076 EPSS
Exploits 0 · References 2
Ubuntu
added 2020/11/03 12:17 p.m. · 100 views

USN-4613-1: python-cryptography vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...

5.9 CVSS · 7.1 AI score · 0.0076 EPSS
Exploits 0
OSV
added 2020/11/03 12:17 p.m. · 1 views

USN-4613-1 python-cryptography vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information...

5.9 CVSS · 6.8 AI score · 0.0076 EPSS
Exploits 0 · References 2
RedhatCVE
added 2020/10/26 6:33 p.m. · 35 views

CVE-2020-25659

A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

5.9 CVSS · 4.5 AI score · 0.0076 EPSS
Exploits 0 · References 4
Positive Technologies
added 2020/10/25 12:0 a.m. · 2 views

PT-2020-6703 · Pypi +8 · Python-Cryptography +8

Name of the Vulnerable Software and Affected Versions: python-cryptography versions 3.2 Description: The issue is related to errors in RSA key management in the python-cryptography package for the Python programming language. It may allow a remote attacker to gain unauthorized access to protected...

9.1 CVSS · 6.1 AI score · 0.0165 EPSS
Exploits 6 · References 117
PyPA
added 2020/06/01 7:15 p.m. · 4 views

PYSEC-2020-99

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5 CVSS · 6.9 AI score · 0.00098 EPSS
Exploits 1 · References 6 · Affected Software 1
Tenable Nessus
added 2020/03/26 12:0 a.m. · 34 views

SUSE SLES12 Security Update : python-cffi, python-cryptography (SUSE-SU-2020:0792-1)

This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): fixed ...

7.5 CVSS · 6.9 AI score · 0.00239 EPSS
Exploits 0 · References 11
Tenable Nessus
added 2020/03/26 12:0 a.m. · 35 views

SUSE SLES12 Security Update : python-cffi, python-cryptography, python-xattr (SUSE-SU-2020:0790-1)

This update for python-cffi, python-cryptography and python-xattr fixes the following issues: Security issue fixed: CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256,...

7.5 CVSS · 7.2 AI score · 0.00239 EPSS
Exploits 0 · References 10
OSV
added 2020/03/25 2:14 p.m. · 4 views

SUSE-SU-2020:0792-1 Security update for python-cffi, python-cryptography

This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): - fixed...

7.5 CVSS · 7.5 AI score · 0.00239 EPSS
Exploits 0 · References 9
OSV
added 2020/03/25 12:24 p.m. · 7 views

SUSE-SU-2020:0790-1 Security update for python-cffi, python-cryptography, python-xattr

This update for python-cffi, python-cryptography and python-xattr fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256,...

7.5 CVSS · 7.5 AI score · 0.00239 EPSS
Exploits 0 · References 9
Photon
added 2020/01/03 12:0 a.m. · 44 views

PHSA-2020-2.0-0198

An update of 'python-cryptography', 'sqlite' packages of Photon OS has been released...

7.5 CVSS · 0.9 AI score · 0.09456 EPSS
Exploits 0
Tenable Nessus
added 2019/12/04 12:0 a.m. · 24 views

EulerOS 2.0 SP2 : python-crypto (EulerOS-SA-2019-2511)

According to the version of the python-crypto package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to...

9.8 CVSS · 8.7 AI score · 0.13624 EPSS
Exploits 1 · References 2
OpenVAS
added 2019/04/03 12:0 a.m. · 30 views

openSUSE: Security Advisory for python-cryptography, python-pyOpenSSL (openSUSE-SU-2019:1104-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 CVSS · 7 AI score · 0.02881 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2019/04/03 12:0 a.m. · 22 views

openSUSE Security Update : python-cryptography / python-pyOpenSSL (openSUSE-2019-1104)

This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed...

8.1 CVSS · 5.9 AI score · 0.02881 EPSS
Exploits 0 · References 7
OPENSUSE Linux
added 2019/04/02 12:0 a.m. · 135 views

Security update for python-cryptography, python-pyOpenSSL (important)

openSUSE Security Update: Security update for python-cryptography, python-pyOpenSSL Announcement ID: openSUSE-SU-2019:1104-1 Rating: important References: 1021578 1052927 1111634 1111635 1119077 Cross-References: CVE-2018-1000807 CVE-2018-1000808 Affected Products: openSUSE Leap 42.3 An update th...

8.1 CVSS · 6.7 AI score · 0.02881 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2019/03/27 12:0 a.m. · 20 views

openSUSE Security Update : python-cryptography (openSUSE-2019-857)

This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag e.g. ...

7.5 CVSS · 6.6 AI score · 0.00239 EPSS
Exploits 0 · References 2
Veracode
added 2019/01/15 9:26 a.m. · 27 views

Information Disclosure

python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalize_with_tag API allows an attacker to forge a GCM tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage...

7.5 CVSS · 7.3 AI score · 0.00239 EPSS
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus
added 2019/01/03 12:0 a.m. · 19 views

Fedora 28 : python-cryptography / python-cryptography-vectors (2018-a9fe5e183e)

New upstream release 2.3. Fixes possible tag truncation security bug in AEAD API, see RHBZ#1602752. 2.3 - 2018-07-18 - SECURITY ISSUE: finalize_with_tag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the GCM constructor...

5.5 AI score
Exploits 0 · References 1