UbuntuUpdates.org

Package "python-cryptography"

Name: python-cryptography

Description:

Python library exposing cryptographic recipes and primitives (Python 2)

Latest version: 2.8-3ubuntu0.3
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://cryptography.io/

Other versions of "python-cryptography" in Focal

Repository Area Version
base main 2.8-3
base universe 2.8-3
security main 2.8-3ubuntu0.3
updates universe 2.8-3ubuntu0.3
updates main 2.8-3ubuntu0.3

Changelog

Version: 2.8-3ubuntu0.3 2024-03-04 14:07:08 UTC

  python-cryptography (2.8-3ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: exposure of confidential data
    - debian/patches/CVE-2023-50782.patch: update bindings in
      src/_cffi_src/openssl/rsa.py to be compatible with new openssl version
      31.1.1f-1ubuntu2.22, which fixes the issue by changing PKCS#1 v1.5 RSA to
      return random output instead of an exception when detecting wrong padding
    - CVE-2023-50782

 -- Jorge Sancho Larraz <email address hidden> Thu, 29 Feb 2024 11:30:05 +0100

CVE-2023-50782 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA

Version: 2.8-3ubuntu0.2 2023-12-06 17:06:55 UTC

  python-cryptography (2.8-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: corrupted output via immutable objects
    - debian/patches/CVE-2023-23931.patch: don't allow update_into to
      mutate immutable objects in tests/hazmat/primitives/test_ciphers.py,
      src/cryptography/hazmat/backends/openssl/ciphers.py.
    - CVE-2023-23931

 -- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 15:04:00 -0500

CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` wou

Version: 2.8-3ubuntu0.1 2020-11-03 15:07:17 UTC

  python-cryptography (2.8-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Bleichenbacher timing oracle attack
    - debian/patches/CVE-2020-25659.patch: Attempt to mitigate
      Bleichenbacher attacks on RSA decryption in docs/spelling_wordlist.txt,
      src/cryptography/hazmat/backends/openssl/rsa.py.
    - CVE-2020-25659

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 28 Oct 2020 13:10:56 -0300

CVE-2020-25659 Bleichenbacher timing oracle attack against RSA decryption


