Lucene search
SuseOPENSUSE-SU-2018:3445-1HistoryOct 25, 2018 - 6:17 p.m.
Security update for python-cryptography (moderate)
2018-10-2518:17:44
lists.opensuse.org
344
0.002 Low
EPSS
Percentile
55.0%
This update for python-cryptography fixes the following issues:
- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag
length. If a user did not validate the input length prior to passing it
to finalize_with_tag an attacker could craft an invalid payload with a
shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance
of passing the MAC check. GCM tag forgeries could have caused key
leakage (bsc#1101820).
This update was imported from the SUSE:SLE-15:Update update project.
References
Related
nessus
nessus
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4044-1)
2022-11-17 00:00:00
Mageia: Security Advisory (MGASA-2018-0429)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3392-1)
2021-06-09 00:00:00
redhat
redhat
(RHSA-2018:3600) Moderate: python-cryptography security update
2018-11-13 21:57:38
cve
cve
CVE-2018-10903
2018-07-30 16:29:00
prion
prion
Input validation
2018-07-30 16:29:00
redhatcve
redhatcve
CVE-2018-10903
2018-07-18 20:49:06
veracode
veracode
Information Disclosure
2018-07-20 03:38:18
Information Disclosure
2019-01-15 09:26:51
osv
osv
PYSEC-2018-52
2018-07-30 16:29:00
PyCA Cryptography vulnerable to GCM tag forgery
2018-07-31 18:28:09
CVE-2018-10903
2018-07-30 16:29:00
ubuntucve
ubuntucve
CVE-2018-10903
2018-07-20 00:00:00
debiancve
debiancve
CVE-2018-10903
2018-07-30 16:29:00
freebsd
freebsd
py-cryptography -- tag forgery vulnerability
2018-07-17 00:00:00
github
github
PyCA Cryptography vulnerable to GCM tag forgery
2018-07-31 18:28:09
mageia
mageia
Updated python-cryptography packages fix security vulnerability
2018-11-03 14:55:18
ubuntu
ubuntu
python-cryptography vulnerability
2018-07-23 00:00:00
photon
photon