Updated python-cryptography & openssl packages fix security vulnerabilities
Publication date: 17 Feb 2025Modification date: 17 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49083 , CVE-2023-50782 , CVE-2024-26130
Description
Cryptography vulnerable to NULL-dereference when loading PKCS7
certificates. (CVE-2023-49083)
Python-cryptography: bleichenbacher timing oracle attack against rsa
decryption - incomplete fix for cve-2020-25659. (CVE-2023-50782)
Cryptography NULL pointer deference with
pkcs12.serialize_key_and_certificates when called with a non-matching
certificate and private key and an hmac_hash override. (CVE-2024-26130)
References
- https://bugs.mageia.org/show_bug.cgi?id=32584
- https://www.openwall.com/lists/oss-security/2023/11/29/2
- https://ubuntu.com/security/notices/USN-6673-1
- https://ubuntu.com/security/notices/USN-6673-3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26130
SRPMS
9/core
- openssl-3.0.15-1.3.mga9
- python-cryptography-39.0.1-1.1.mga9