ELSA-2021-1608

ULN >
Oracle Linux Errata repository >
ELSA-2021-1608

ELSA-2021-1608 - python-cryptography security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2021-05-25

Description

[3.2.1-4]
- CVE-2020-36242: Fixed a bug where certain sequences of update() calls
when symmetrically encrypting very large payloads (>2GB) could result
in an integer overflow, leading to buffer overflows.
- Resolves: rhbz#1926528

[3.2.1-3]
- Conflict with non-matching vector package

[3.2.1-2]
- Re-add remove NPN bindings, required for pyOpenSSL
- Resolves: rhbz#1907429

[3.2.1-1]
- Rebase to upstream release 3.2.1
- Resolves: rhbz#1873581
- Resolves: rhbz#1778939
- Removed dependencies on python-asn1crypto, python-idna

Related CVEs

CVE-2020-36242

CVE-2020-25659

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	python-cryptography-3.2.1-4.el8.src.rpm	44eef0a4ba51906f4296e2c3ac94d53f50af9ab4e959d23dc0d0afa0bf25477f	-	ol8_aarch64_baseos_latest
	python-cryptography-3.2.1-4.el8.src.rpm	44eef0a4ba51906f4296e2c3ac94d53f50af9ab4e959d23dc0d0afa0bf25477f	-	ol8_aarch64_u4_baseos_base
	python3-cryptography-3.2.1-4.el8.aarch64.rpm	1e458df37e2dc6d1516743da04f76b0a65aaba3849eb0cc1aadc029b63d1737e	-	ol8_aarch64_baseos_latest
	python3-cryptography-3.2.1-4.el8.aarch64.rpm	1e458df37e2dc6d1516743da04f76b0a65aaba3849eb0cc1aadc029b63d1737e	-	ol8_aarch64_u4_baseos_base

Oracle Linux 8 (x86_64)	python-cryptography-3.2.1-4.el8.src.rpm	44eef0a4ba51906f4296e2c3ac94d53f50af9ab4e959d23dc0d0afa0bf25477f	-	ol8_x86_64_baseos_latest
	python-cryptography-3.2.1-4.el8.src.rpm	44eef0a4ba51906f4296e2c3ac94d53f50af9ab4e959d23dc0d0afa0bf25477f	-	ol8_x86_64_u4_baseos_base
	python3-cryptography-3.2.1-4.el8.x86_64.rpm	61f46d20bdee35f109b6ce1931ee2b7e0a07ce04139bc09189f1cf3e45f707bc	-	ol8_x86_64_baseos_latest
	python3-cryptography-3.2.1-4.el8.x86_64.rpm	61f46d20bdee35f109b6ce1931ee2b7e0a07ce04139bc09189f1cf3e45f707bc	-	ol8_x86_64_u4_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691