Advisories » MGASA-2016-0377

Updated python-cryptography package fixes security vulnerability

Publication date: 14 Nov 2016
Modification date: 14 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9243

Description

Fixed a bug where HKDF would return an empty byte-string if used with a
length less than algorithm.digest_size. (CVE-2016-9243)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19736
• http://openwall.com/lists/oss-security/2016/11/09/2
• https://cryptography.io/en/latest/changelog/#id1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9243

SRPMS

5/core

• python-cryptography-1.0.2-1.1.mga5