ArchLinux: 202102-36: python-cryptography: incorrect calculation
Summary
In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers.
Resolution
Upgrade to 3.4-1.
# pacman -Syu "python-cryptography>=3.4-1"
The problem has been fixed upstream in version 3.4.
References
https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7 https://github.com/pyca/cryptography/issues/5615 https://github.com/pyca/cryptography/pull/5747 https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae https://security.archlinux.org/CVE-2020-36242
Workaround
None.