OESA-2026-1731
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1731
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-1731.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2026-1731
- Upstream
- Published
- 2026-03-27T14:03:54Z
- Modified
- 2026-03-27T14:18:59.428248Z
- Summary
- pyOpenSSL security update
- Details
-
pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library.
Security Fix(es):
A security vulnerability exists in the PyOpenSSL library's
set_tlsext_servername_callbackfunction. When a user-provided callback function raises an unhandled exception, the connection would still be accepted. If a user relies on this callback for any security-sensitive behavior (such as server name-based access control or certificate validation), this vulnerability could allow the security mechanism to be bypassed, potentially permitting unauthorized connections or access.(CVE-2026-27448)pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to
set_cookie_generate_callbackreturned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.(CVE-2026-27459) - Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:24.03-LTS-SP3 / pyOpenSSL
Package
- Name
- pyOpenSSL
- Purl
- pkg:rpm/openEuler/pyOpenSSL&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.0.0-3.oe2403sp3