Thursday, March 14, 2024

[USN-6673-2] python-cryptography vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEKQtTo2MNG44yJq/lXjZQcrWpV2YFAmXyv90FAwAAAAAACgkQXjZQcrWpV2bZ
Ww//Qy/ErkU4TFiqs+pTxHypl5inZuYXZhiFFe3CnUaghVuL0JEvmg48kJRqM67dLDeol3XFAcrM
br0aEbEsRW9YehWJhtYLSvCrhfYKx8lDwouNptWEQUJiiS4Y7gsKIrFsVzbjghzRT05wFTeXhClj
lmQ4FC2jyZLNdDePzJhrgtgxPlv/42Cc3a2WYDzs7/DcQ5fdYSqoB/euFQ58d0GhJNDrkuMM6Sga
5g6Zgmx71FfRaoDbZ01fYbZAFnwp/7SQCbsWQKAVrOdx7aHd04EX5zyzSNDk5tA5/MoOFZS0k0xn
XGcXI+yNZHH7y1/DoAxNWhrmqKUslnEogn63CfGm/YhqPaNZ+t6r627ZdxGYWyctWhCgJ5ZlhMkD
o/HCfUb3+x7Um/y/y1oUGGyya/7eCkrwA6wNaHS0ihGkqNoroEoy220zZt2GSrwGwwx7d66y4wMu
VJK4FK+ytQ/zny+6griJO8OQOulo7Z//7MPdkBWEYW2sbETGZeurz0Jd4+p0Z5DW7UFrNxOOY34h
fjKou4OguIG2yHMfaQ90OCrcoEsEBGdfbuFgfVgWO1eYtFwi3xRHYrJA+lMPFRhzNaVkLMhbrznu
9mzGY2npFTT0i2ekkUKPUD+pHrn31vw+w0bFMLhvdYvuvrHOF2Mpg8CN7C/8gkwzXtIq0dgtymgt
Gyk=
=/N4U
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6673-2
March 14, 2024

python-cryptography vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

python-cryptography could be made to expose sensitive information over the
network.

Software Description:
- python-cryptography: Cryptography Python library

Details:

USN-6673-1 provided a security update for python-cryptography.
This update provides the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

 Hubert Kario discovered that python-cryptography incorrectly handled
 errors returned by the OpenSSL API when processing incorrect padding in
 RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
 confidential or sensitive information. (CVE-2023-50782)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  python-cryptography             1.2.3-1ubuntu0.3+esm1
  python3-cryptography            1.2.3-1ubuntu0.3+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6673-2
  https://ubuntu.com/security/notices/USN-6673-1
  CVE-2023-50782

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)