SUSE-SU-2022:4044-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2022/suse-su-20224044-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:4044-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/SUSE-SU-2022:4044-1

Related

CVE-2018-10903

Published

2022-11-17T08:07:35Z

Modified

2022-11-17T08:07:35Z

Summary

Security update for python-cryptography, python-cryptography-vectors

Details

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
Refresh patches for new version
Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
update to 2.9.2
- 2.9.2 - 2020-04-22
  - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
- 2.9.1 - 2020-04-21
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
- 2.9 - 2020-04-02
  - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
  - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
  - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
  - Removed support for calling publicbytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
  - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514string() returns the RDNs as required by RFC 4514.
  - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
  - Added support for parsing single_extensions in an OCSP response.
  - NameAttribute values can now be empty strings.
Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalizewithtag API
Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
update to 2.9.2:
- updated vectors for the cryptography 2.9.2 testing

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP3 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Python 2 15 SP3 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-BCL / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Manager Proxy 4.1 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Manager%20Proxy%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.1 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Manager Server 4.1 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Manager%20Server%204.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/suse/python-cryptography&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

openSUSE:Leap Micro 5.2 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%20Micro%205.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-cryptography": "2.9.2-150200.13.1"
        }
    ]
}

openSUSE:Leap 15.3 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.13.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography-vectors": "2.9.2-150200.3.3.1",
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography-vectors": "2.9.2-150200.3.3.1"
        }
    ]
}

openSUSE:Leap 15.3 / python-cryptography-vectors

Package

Name: python-cryptography-vectors
Purl: pkg:rpm/opensuse/python-cryptography-vectors&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2-150200.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography-vectors": "2.9.2-150200.3.3.1",
            "python2-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography": "2.9.2-150200.13.1",
            "python3-cryptography-vectors": "2.9.2-150200.3.3.1"
        }
    ]
}