600 matches found
Fedora Update for python-cryptography-vectors FEDORA-2018-06c24068c6
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : python-cryptography / python-cryptography-vectors (2018-06c24068c6)
New upstream release 2.3 Fixes possible tag truncation security bug in AEAD API, see RHBZ1602752 2.3 - 2018-07-18 - SECURITY ISSUE: finalizewithtag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the mintaglength provided to the GCM constructor...
[SECURITY] Fedora 27 Update: python-cryptography-vectors-2.3-1.fc27
Test vectors for the cryptography package. The only purpose of this package is to be a building requirement for python-cryptography, otherwise it has no use. Don=EF=BF=BD=EF=BF=BD=EF=BF =BDt install it unless you really know what you are doing...
[SECURITY] Fedora 27 Update: python-cryptography-2.3-1.fc27
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
Input validation
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
PYSEC-2018-52
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
DEBIAN-CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
PYSEC-2018-52
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
Ubuntu 18.04 LTS : python-cryptography vulnerability (USN-3720-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3720-1 advisory. It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information. Tenable...
USN-3720-1: python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information...
USN-3720-1 python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information...
[SECURITY] Fedora 28 Update: python-cryptography-vectors-2.3-1.fc28
Test vectors for the cryptography package. The only purpose of this package is to be a building requirement for python-cryptography, otherwise it has no use. Don=EF=BF=BD=EF=BF=BD=EF=BF =BDt install it unless you really know what you are doing...
Fedora Update for python-cryptography FEDORA-2018-a9fe5e183e
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for python-cryptography-vectors FEDORA-2018-a9fe5e183e
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information Disclosure
python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalizewithtag API allows an attacker to forge a GCM tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...