Monday, May 27, 2024

[USN-6673-3] python-cryptography vulnerability

==========================================================================
Ubuntu Security Notice USN-6673-3
May 27, 2024

python-cryptography vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

python-cryptography could be made to crash if it received specially crafted
input.

Software Description:
- python-cryptography: Cryptography Python library

Details:

USN-6673-1 provided a security update for python-cryptography.
This update provides the corresponding update for Ubuntu 24.04 LTS.

Original advisory details:

 It was discovered that python-cryptography incorrectly handled memory
 operations when processing mismatched PKCS#12 keys. A remote attacker could
 possibly use this issue to cause python-cryptography to crash, leading to a
 denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-26130)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-cryptography            41.0.7-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6673-3
  https://ubuntu.com/security/notices/USN-6673-1
  CVE-2024-26130

Package Information:
https://launchpad.net/ubuntu/+source/python-cryptography/41.0.7-4ubuntu0.1
