USN-6539-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6539-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6539-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6539-1

Related

Published

2023-12-06T15:22:41.164806Z

Modified

2023-12-06T15:22:41.164806Z

Summary

python-cryptography vulnerabilities

Details

It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931)

It was dicovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-49083)

References

Affected packages

Ubuntu:20.04:LTS / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/ubuntu/python-cryptography?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8-3ubuntu0.2

Affected versions

2.*

2.6.1-3.1

2.6.1-4

2.6.1-4ubuntu1

2.8-1ubuntu2

2.8-2

2.8-3

2.8-3ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.8-3ubuntu0.2",
            "binary_name": "python-cryptography"
        },
        {
            "binary_version": "2.8-3ubuntu0.2",
            "binary_name": "python-cryptography-dbgsym"
        },
        {
            "binary_version": "2.8-3ubuntu0.2",
            "binary_name": "python-cryptography-doc"
        },
        {
            "binary_version": "2.8-3ubuntu0.2",
            "binary_name": "python3-cryptography"
        },
        {
            "binary_version": "2.8-3ubuntu0.2",
            "binary_name": "python3-cryptography-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/ubuntu/python-cryptography?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.8-1ubuntu2.1

Affected versions

3.*

3.3.2-1

3.3.2-1build1

3.4.8-1

3.4.8-1ubuntu1

3.4.8-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.4.8-1ubuntu2.1",
            "binary_name": "python-cryptography-doc"
        },
        {
            "binary_version": "3.4.8-1ubuntu2.1",
            "binary_name": "python3-cryptography"
        },
        {
            "binary_version": "3.4.8-1ubuntu2.1",
            "binary_name": "python3-cryptography-dbgsym"
        }
    ]
}

Ubuntu:23.10 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/ubuntu/python-cryptography?arch=src?distro=mantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

38.0.4-4ubuntu0.23.10.1

Affected versions

38.*

38.0.4-2

38.0.4-3

38.0.4-4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "38.0.4-4ubuntu0.23.10.1",
            "binary_name": "python-cryptography-doc"
        },
        {
            "binary_version": "38.0.4-4ubuntu0.23.10.1",
            "binary_name": "python3-cryptography"
        },
        {
            "binary_version": "38.0.4-4ubuntu0.23.10.1",
            "binary_name": "python3-cryptography-dbgsym"
        }
    ]
}