Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Ubuntu Security Notice USN-6673-1[6]
- Authored by Ubuntu[7] | Site security.ubuntu.com[8]
-
Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
- systems | linux[9], ubuntu[10]
- advisories | CVE-2023-50782[11], CVE-2024-26130[12]
- SHA-256 |
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a
- Download[13] | Favorite[14] | View[15]
Change Mirror[16] Download[17]
==========================================================================
Ubuntu Security Notice USN-6673-1
March 04, 2024
python-cryptography vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in python-cryptography.
Software Description:
- python-cryptography: Cryptography Python library
Details:
Hubert Kario discovered that python-cryptography incorrectly handled
errors returned by the OpenSSL API when processing incorrect padding in
RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
confidential or sensitive information. (CVE-2023-50782)
It was discovered that python-cryptography incorrectly handled memory
operations when processing mismatched PKCS#12 keys. A remote attacker could
possibly use this issue to cause python-cryptography to crash, leading to a
denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-26130)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
python3-cryptography 38.0.4-4ubuntu0.23.10.2
Ubuntu 22.04 LTS:
python3-cryptography 3.4.8-1ubuntu2.2
Ubuntu 20.04 LTS:
python-cryptography 2.8-3ubuntu0.3
python3-cryptography 2.8-3ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python-cryptography 2.1.4-1ubuntu1.4+esm1
python3-cryptography 2.1.4-1ubuntu1.4+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6673-1
CVE-2023-50782, CVE-2024-26130
Package Information:
https://launchpad.net/ubuntu/+source/python-cryptography/38.0.4-4ubuntu0.23.10.2
https://launchpad.net/ubuntu/+source/python-cryptography/3.4.8-1ubuntu2.2
https://launchpad.net/ubuntu/+source/python-cryptography/2.8-3ubuntu0.3
File Tags
- ActiveX[23] (933)
- Advisory[24] (84,346)
- Arbitrary[25] (16,578)
- BBS[26] (2,859)
- Bypass[27] (1,818)
- CGI[28] (1,032)
- Code Execution[29] (7,578)
- Conference[30] (687)
- Cracker[31] (844)
- CSRF[32] (3,370)
- DoS[33] (24,366)
- Encryption[34] (2,381)
- Exploit[35] (52,607)
- File Inclusion[36] (4,245)
- File Upload[37] (982)
- Firewall[38] (822)
- Info Disclosure[39] (2,832)
- Intrusion Detection[40] (905)
- Java[41] (3,117)
- JavaScript[42] (887)
- Kernel[43] (6,943)
- Local[44] (14,656)
- Magazine[45] (586)
- Overflow[46] (12,981)
- Perl[47] (1,430)
- PHP[48] (5,174)
- Proof of Concept[49] (2,364)
- Protocol[50] (3,687)
- Python[51] (1,595)
- Remote[52] (31,289)
- Root[53] (3,613)
- Rootkit[54] (519)
- Ruby[55] (616)
- Scanner[56] (1,647)
- Security Tool[57] (7,962)
- Shell[58] (3,236)
- Shellcode[59] (1,217)
- Sniffer[60] (899)
- Spoof[61] (2,255)
- SQL Injection[62] (16,491)
- TCP[63] (2,420)
- Trojan[64] (688)
- UDP[65] (896)
- Virus[66] (668)
- Vulnerability[67] (32,459)
- Web[68] (9,835)
- Whitepaper[69] (3,768)
- x86[70] (966)
- XSS[71] (18,127)
- Other[72]
File Archives
- March 2024[73]
- February 2024[74]
- January 2024[75]
- December 2023[76]
- November 2023[77]
- October 2023[78]
- September 2023[79]
- August 2023[80]
- July 2023[81]
- June 2023[82]
- May 2023[83]
- April 2023[84]
- Older[85]
Systems
- AIX[86] (429)
- Apple[87] (2,060)
- BSD[88] (375)
- CentOS[89] (57)
- Cisco[90] (1,926)
- Debian[91] (6,977)
- Fedora[92] (1,693)
- FreeBSD[93] (1,246)
- Gentoo[94] (4,466)
- HPUX[95] (880)
- iOS[96] (369)
- iPhone[97] (108)
- IRIX[98] (220)
- Juniper[99] (69)
- Linux[100] (48,763)
- Mac OS X[101] (691)
- Mandriva[102] (3,105)
- NetBSD[103] (256)
- OpenBSD[104] (487)
- RedHat[105] (15,184)
- Slackware[106] (941)
- Solaris[107] (1,611)
- SUSE[108] (1,444)
- Ubuntu[109] (9,333)
- UNIX[110] (9,371)
- UnixWare[111] (187)
- Windows[112] (6,635)
- Other[113]
- Services
- Security Services[124]
- Hosting By
- Rokasec[125]
Read more https://packetstormsecurity.com/files/177414/USN-6673-1.txt