ELSA-2024-12079

ELSA-2024-12079 - python-cryptography security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2024-01-18

Description


[36.0.1-4.0.1]
- Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36119159]

[36.0.1-4]
- Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840

[36.0.1-3]
- Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399
- Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt


Related CVEs


CVE-2023-49083

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | python-cryptography-3.2.1-6.0.1.el8.src.rpm | 0c1ef7416b5d8e7bac8a0986e31d8b3c | - | ol8_aarch64_baseos_latest |
| Oracle Linux 8 (aarch64) | python-cryptography-3.2.1-6.0.1.el8.src.rpm | 0c1ef7416b5d8e7bac8a0986e31d8b3c | - | ol8_aarch64_u9_baseos_patch |
| Oracle Linux 8 (aarch64) | python3-cryptography-3.2.1-6.0.1.el8.aarch64.rpm | 7c752cf8f8b100d24afe3b2011a4c828 | - | ol8_aarch64_baseos_latest |
| Oracle Linux 8 (aarch64) | python3-cryptography-3.2.1-6.0.1.el8.aarch64.rpm | 7c752cf8f8b100d24afe3b2011a4c828 | - | ol8_aarch64_u9_baseos_patch |
| Oracle Linux 8 (x86_64) | python-cryptography-3.2.1-6.0.1.el8.src.rpm | 0c1ef7416b5d8e7bac8a0986e31d8b3c | - | ol8_x86_64_baseos_latest |
| Oracle Linux 8 (x86_64) | python-cryptography-3.2.1-6.0.1.el8.src.rpm | 0c1ef7416b5d8e7bac8a0986e31d8b3c | - | ol8_x86_64_u9_baseos_patch |
| Oracle Linux 8 (x86_64) | python3-cryptography-3.2.1-6.0.1.el8.x86_64.rpm | 3469eb5582d42270bab57ca7e0569bcf | - | ol8_x86_64_baseos_latest |
| Oracle Linux 8 (x86_64) | python3-cryptography-3.2.1-6.0.1.el8.x86_64.rpm | 3469eb5582d42270bab57ca7e0569bcf | - | ol8_x86_64_u9_baseos_patch |
| Oracle Linux 9 (aarch64) | python-cryptography-36.0.1-4.0.1.el9.src.rpm | c8a9c7ddd27989069f8e37598f68e016 | - | ol9_aarch64_appstream |
| Oracle Linux 9 (aarch64) | python3-cryptography-36.0.1-4.0.1.el9.aarch64.rpm | 05ecaa29bf66ed466bd89bb574a7b5a8 | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | python-cryptography-36.0.1-4.0.1.el9.src.rpm | c8a9c7ddd27989069f8e37598f68e016 | - | ol9_x86_64_appstream |
| Oracle Linux 9 (x86_64) | python3-cryptography-36.0.1-4.0.1.el9.x86_64.rpm | 5f73e3e974b3f220d53a6970be586a1a | - | ol9_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
