USN-6539-1
See a problem?- Source
- https://ubuntu.com/security/notices/USN-6539-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6539-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6539-1
- Related
- Published
- 2023-12-06T15:22:41.164806Z
- Modified
- 2023-12-06T15:22:41.164806Z
- Summary
- python-cryptography vulnerabilities
- Details
-
It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931)
It was dicovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-49083)
- References
Affected packages
Ubuntu:20.04:LTS / python-cryptography
Package
- Name
- python-cryptography
- Purl
- pkg:deb/ubuntu/python-cryptography@2.8-3ubuntu0.2?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8-3ubuntu0.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"python-cryptography": "2.8-3ubuntu0.2",
"python-cryptography-dbgsym": "2.8-3ubuntu0.2",
"python-cryptography-doc": "2.8-3ubuntu0.2",
"python3-cryptography": "2.8-3ubuntu0.2",
"python3-cryptography-dbgsym": "2.8-3ubuntu0.2"
}
]
}
Ubuntu:22.04:LTS / python-cryptography
Package
- Name
- python-cryptography
- Purl
- pkg:deb/ubuntu/python-cryptography@3.4.8-1ubuntu2.1?arch=src?distro=jammy