stable

python-cryptography-37.0.2-8.fc38

FEDORA-2023-749dd47c79 created by cheimes a year ago for Fedora 38

Security fix for CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-749dd47c79

This update has been submitted for testing by cheimes.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago
User Icon adamwill commented & provided feedback a year ago

The install_default_update_live test failures here are caused by a problem in the test, not a problem in the update. I'm going to have to think a bit about how to resolve those, so I'll waive them for now. The other two failures were just blips, I'm re-running them (will do the waive once they've passed).

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
approved
a year ago
BZ#2171661 python-cryptography: FTBFS in Fedora rawhide/f38
0
0
BZ#2171817 CVE-2023-23931 python-cryptography: memory corruption via immutable objects
0
0
BZ#2171820 CVE-2023-23931 python-cryptography: memory corruption via immutable objects [fedora-36]
0
0
BZ#2171826 CVE-2023-23931 python-cryptography: memory corruption via immutable objects [fedora-37]
0
0

Automated Test Results