Ubuntu Security Update USN-6539-1: python-cryptography vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,904
Reaction score
75
Credits
-1,257
It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931) It was dicovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-49083)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8087-3: python-cryptography vulnerability
Replies
0
Views
159
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8225-1: Python marshmallow vulnerabilities
Replies
0
Views
115
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8087-2: python-cryptography regression
Replies
0
Views
124
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8087-1: python-cryptography vulnerability
Replies
0
Views
127
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8303-1: GitPython vulnerabilities
Replies
0
Views
85
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 2,532 (members: 7, guests: 2,525)

Latest posts

Top