Advisories » MGASA-2015-0460

Updated python-cryptography packages fix security vulnerability

Publication date: 27 Nov 2015
Modification date: 27 Nov 2015
Type: security
Affected Mageia releases : 5

Description

The OpenSSL backend prior to 1.0.2 made extensive use of assertions to
check response codes where our tests could not trigger a failure. However,
when Python is run with -O these asserts are optimized away. If a user ran
Python with this flag and got an invalid response code this could result
in undefined behavior or worse (rhbz#1267548).

The python-cryptography and python-cryptography-vectors packages have been
updated to version 1.0.2 and python-pyasn1 has been updated to version
0.1.8, fixing this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17144
• https://lists.fedoraproject.org/pipermail/package-announce/2015-November/171389.html
• https://lists.fedoraproject.org/pipermail/package-announce/2015-November/171390.html

SRPMS

5/core

• python-cryptography-1.0.2-1.mga5
• python-cryptography-vectors-1.0.2-1.mga5
• python-pyasn1-0.1.8-1.mga5
• python-idna-2.0-1.mga5
• python-ipaddress-1.0.15-1.mga5
• python-cffi-1.1.2-1.mga5