Arch Linux Security Advisory ASA-202102-36
=========================================
Severity: Medium
Date    : 2021-02-27
CVE-ID  : CVE-2020-36242
Package : python-cryptography
Type    : incorrect calculation
Remote  : No
Link    : https://security.archlinux.org/AVG-1541

Summary
======
The package python-cryptography before version 3.4-1 is vulnerable to
incorrect calculation.

Resolution
=========
Upgrade to 3.4-1.

# pacman -Syu "python-cryptography>=3.4-1"

The problem has been fixed upstream in version 3.4.

Workaround
=========
None.

Description
==========
In python-cryptography before version 3.3.2, certain sequences of
update calls to symmetrically encrypt multiple gigabytes of data could
result in an integer overflow, leading to mishandling of buffers.

Impact
=====
Unintentional use of the API could lead to buffer mishandling, causing
application crashes or incorrectly encrypted data.

References
=========
https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
https://github.com/pyca/cryptography/issues/5615
https://github.com/pyca/cryptography/pull/5747
https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae
https://security.archlinux.org/CVE-2020-36242

ArchLinux: 202102-36: python-cryptography: incorrect calculation

March 1, 2021

Summary

In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers.

Resolution

Upgrade to 3.4-1. # pacman -Syu "python-cryptography>=3.4-1"
The problem has been fixed upstream in version 3.4.

References

https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7 https://github.com/pyca/cryptography/issues/5615 https://github.com/pyca/cryptography/pull/5747 https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae https://security.archlinux.org/CVE-2020-36242

Severity
Package : python-cryptography
Type : incorrect calculation
Remote : No
Link : https://security.archlinux.org/AVG-1541

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved