openSUSE Security Update : python-cryptography / python-pyOpenSSL (openSUSE-2019-1104)

This update for python-cryptography, python-pyOpenSSL fixes the following issues : Security issues fixed : - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 - CVE-2018-1000807: A use-after-free in X509 object handling was fixed...

openSUSE: Security Advisory for python-cryptography, python-pyOpenSSL (openSUSE-SU-2019:1104-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for python-cryptography, python-pyOpenSSL (important)

openSUSE Security Update: Security update for python-cryptography, python-pyOpenSSL Announcement ID: openSUSE-SU-2019:1104-1 Rating: important References: 1021578 1052927 1111634 1111635 1119077 Cross-References: CVE-2018-1000807 CVE-2018-1000808 Affected Products: openSUSE Leap 42.3 An update th...

openSUSE Security Update : python-cryptography (openSUSE-2019-857)

This update for python-cryptography fixes the following issues : - CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. ...

Information Disclosure

python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalizewithtag API allows an attacker to forge a GCM tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage...

Fedora 28 : python-cryptography / python-cryptography-vectors (2018-a9fe5e183e)

New upstream release 2.3 Fixes possible tag truncation security bug in AEAD API, see RHBZ1602752 2.3 - 2018-07-18 - SECURITY ISSUE: finalizewithtag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the mintaglength provided to the GCM constructor...

SUSE SLED15 / SLES15 Security Update : python-cryptography (SUSE-SU-2018:3392-1)

This update for python-cryptography fixes the following issues : CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1...

The vulnerability of the package containing cryptographic algorithms and protocols for Python, Python-crypto, is related to the generation of weak key parameters. This allows a perpetrator to gain unauthorized access to confidential data.

The vulnerability of the package that contains cryptographic algorithms and protocols for Python, Python-crypto, is related to the generation of weak key parameters. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information by reading the encrypted data...

Buffer Overflow in pycrypto

Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit aka pycrypto allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py...

SUSE SLED12 / SLES12 Security Update : python-cryptography, python-pyOpenSSL (SUSE-SU-2018:4063-1)

This update for python-cryptography, python-pyOpenSSL fixes the following issues : Security issues fixed : CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 CVE-2018-1000807: A use-after-free in X509 object handling was fixed bsc111163...

SUSE-SU-2018:4063-1 Security update for python-cryptography, python-pyOpenSSL

This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS12 store handling was fixed bsc1111634 - CVE-2018-1000807: A use-after-free in X509 object handling was fixed...

Updated python-cryptography packages fix security vulnerability

The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker...

MGASA-2018-0429 Updated python-cryptography packages fix security vulnerability

The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker...

SUSE-SU-2018:3553-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1...

openSUSE Security Update : python-cryptography (openSUSE-2018-1281)

This update for python-cryptography fixes the following issues : - CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. ...

Ubuntu: Security Advisory (USN-3720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3199-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for python-cryptography (openSUSE-SU-2018:3445-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2018:3392-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1...

Fedora 27 : python-cryptography / python-cryptography-vectors (2018-06c24068c6)

New upstream release 2.3 Fixes possible tag truncation security bug in AEAD API, see RHBZ1602752 2.3 - 2018-07-18 - SECURITY ISSUE: finalizewithtag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the mintaglength provided to the GCM constructor...