Advisories ยป MGASA-2015-0460

Updated python-cryptography packages fix security vulnerability

Publication date: 27 Nov 2015
Type: security
Affected Mageia releases : 5


The OpenSSL backend prior to 1.0.2 made extensive use of assertions to
check response codes where our tests could not trigger a failure. However,
when Python is run with -O these asserts are optimized away. If a user ran
Python with this flag and got an invalid response code this could result
in undefined behavior or worse (rhbz#1267548).

The python-cryptography and python-cryptography-vectors packages have been
updated to version 1.0.2 and python-pyasn1 has been updated to version
0.1.8, fixing this issue.