
219 matches found

Github Security Blog
added 2022/05/17 4:56 a.m., 17 views

PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificati...

4.3 CVSS, 6.4 AI score, 0.01197 EPSS
Exploits 0, References 10, Affected Software 1
OSV
added 2022/05/17 3:5 a.m., 2 views

GHSA-V4W5-P2HG-8FH6 Urllib3 Incorrect Certificate Validation

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

6.3 CVSS, 7.2 AI score, 0.00775 EPSS
Exploits 0, References 6
Github Security Blog
added 2022/05/17 3:5 a.m., 28 views

Urllib3 Incorrect Certificate Validation

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

3.7 CVSS, 6.5 AI score, 0.00775 EPSS
Exploits 0, References 6, Affected Software 1
Oracle linux
added 2021/05/25 12:0 a.m., 70 views

python-cryptography security, bug fix, and enhancement update

3.2.1-4 - CVE-2020-36242: Fixed a bug where certain sequences of update calls when symmetrically encrypting very large payloads 2GB could result in an integer overflow, leading to buffer overflows. - Resolves: rhbz1926528 3.2.1-3 - Conflict with non-matching vector package 3.2.1-2 - Re-add remove...

9.1 CVSS, 2.2 AI score, 0.06718 EPSS
Exploits 1
OSV
added 2021/05/18 6:5 a.m., 8 views

ALBA-2021:1793 pyOpenSSL bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

6.8 AI score
Exploits 0, References 1
Rockylinux
added 2021/05/18 6:5 a.m., 22 views

pyOpenSSL bug fix and enhancement update

An update is available for pyOpenSSL. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpri...

1.9 AI score
Exploits 0
AlmaLinux
added 2021/05/18 6:5 a.m., 14 views

pyOpenSSL bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.3 AI score
Exploits 0, References 1
OpenVAS
added 2021/04/19 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2018:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS, 6.2 AI score, 0.04075 EPSS
Exploits 0, References 6
OpenVAS
added 2020/07/03 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for pyOpenSSL (EulerOS-SA-2020-1729)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS, 6.9 AI score, 0.04075 EPSS
Exploits 0, References 2
Tenable Nessus
added 2020/07/01 12:0 a.m., 26 views

EulerOS Virtualization 3.0.6.0 : pyOpenSSL (EulerOS-SA-2020-1729)

According to the versions of the pyOpenSSL package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing...

8.1 CVSS, 6.5 AI score, 0.04075 EPSS
Exploits 0, References 3
OpenVAS
added 2020/03/24 12:0 a.m., 56 views

Huawei EulerOS: Security Advisory for pyOpenSSL (EulerOS-SA-2020-1320)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS, 6.9 AI score, 0.04075 EPSS
Exploits 0, References 2
Tenable Nessus
added 2020/03/23 12:0 a.m., 28 views

EulerOS 2.0 SP5 : pyOpenSSL (EulerOS-SA-2020-1320)

According to the versions of the pyOpenSSL package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference...

8.1 CVSS, 6.4 AI score, 0.04075 EPSS
Exploits 0, References 3
OpenVAS
added 2019/04/03 12:0 a.m., 31 views

openSUSE: Security Advisory for python-cryptography, python-pyOpenSSL (openSUSE-SU-2019:1104-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 CVSS, 7 AI score, 0.04075 EPSS
Exploits 0, References 2
Tenable Nessus
added 2019/04/03 12:0 a.m., 25 views

openSUSE Security Update : python-cryptography / python-pyOpenSSL (openSUSE-2019-1104)

This update for python-cryptography, python-pyOpenSSL fixes the following issues : Security issues fixed : - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 - CVE-2018-1000807: A use-after-free in X509 object handling was fixed...

8.1 CVSS, 5.9 AI score, 0.04075 EPSS
Exploits 0, References 7
OPENSUSE Linux
added 2019/04/02 12:0 a.m., 137 views

Security update for python-cryptography, python-pyOpenSSL (important)

openSUSE Security Update: Security update for python-cryptography, python-pyOpenSSL Announcement ID: openSUSE-SU-2019:1104-1 Rating: important References: 1021578 1052927 1111634 1111635 1119077 Cross-References: CVE-2018-1000807 CVE-2018-1000808 Affected Products: openSUSE Leap 42.3 An update th...

8.1 CVSS, 6.7 AI score, 0.04075 EPSS
Exploits 0, References 5
RedHat Linux
added 2019/01/16 5:55 p.m., 152 views

Moderate: Red Hat Security Advisory: pyOpenSSL security and bug fix update

An update for pyOpenSSL is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1 CVSS, 6.3 AI score, 0.04075 EPSS
Exploits 0, References 4
RedHat Linux
added 2019/01/16 5:55 p.m., 3 views

pyOpenSSL: Use-after-free in X509 object handling

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on...

8.1 CVSS, 6.1 AI score, 0.04075 EPSS
Exploits 0, References 4
Tenable Nessus
added 2018/12/11 12:0 a.m., 25 views

SUSE SLED12 / SLES12 Security Update : python-cryptography, python-pyOpenSSL (SUSE-SU-2018:4063-1)

This update for python-cryptography, python-pyOpenSSL fixes the following issues : Security issues fixed : CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 CVE-2018-1000807: A use-after-free in X509 object handling was fixed bsc111163...

8.1 CVSS, 6 AI score, 0.04075 EPSS
Exploits 0, References 8
OSV
added 2018/12/10 1:7 p.m., 5 views

SUSE-SU-2018:4063-1 Security update for python-cryptography, python-pyOpenSSL

This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 - CVE-2018-1000807: A use-after-free in X509 object handling was fixed...

8.1 CVSS, 6.6 AI score, 0.04075 EPSS
Exploits 0, References 6
OpenVAS
added 2018/11/09 12:0 a.m., 19 views

Ubuntu: Security Advisory (USN-3813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS, 6.9 AI score, 0.04075 EPSS
Exploits 0, References 2