Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 43 Security Update for pyOpenSSL Addresses CVE-2026-27459 Issue

fedora
Calendar Grey March 27, 2026
Dist Fedora Esm H88
Essential update for pyOpenSSL in Fedora 43, addressing potential buffer overflow issues and enhancing security.
Update pyOpenSSL to v26.0.0 (security update) Update python-cryptography to v46.0.5 (dependency of pyOpenSSL 26) Update rust-asn1 to 0.22 (dependency of python-cryptography) Update...

Summary

High-level wrapper around a subset of the OpenSSL library, includes among others

* SSL.Connection objects, wrapping the methods of Python's portable

sockets

* Callbacks written in Python

* Extensive error-handling mechanism, mirroring OpenSSL's error codes

Update Information:

Update pyOpenSSL to v26.0.0 (security update) Update python-cryptography to v46.0.5 (dependency of pyOpenSSL 26) Update rust-asn1 to 0.22 (dependency of python-cryptography) Update kryoptic to v1.5 (required for rust-asn1 bump to 0.22) The security status of this update is only for pyOpenSSL.

Topics%20covered

Topics Covered

security advisory fedora buffer overflow OpenSSL python pyopenssl

Change Log

* Wed Mar 18 2026 Jeremy Cline - 26.0.0-1 - Update to v26.0.0 - Added support for using aws-lc instead of OpenSSL. - Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459 - Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated. - Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448 * Thu Jan 22 2026 Jeremy Cline - 25.3.0-1 - Update to 25.3.0 - pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on connections by default, matching CPython\u2019s behavior. - Added OpenSSL.SSL.Context.clear_mode. - Added OpenSSL.SSL.Context.set_tls13_ciphersuites to set the allowed TLS 1.3 ciphers. - Added OpenSSL.SSL.Connection.set_info_callback * Sat Jan 17 2026 Fedora Release Engineering - 25.1.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2433650 - python-cryptography-46.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2433650 [ 2 ] Bug #2447727 - pyOpenSSL-26.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2447727 [ 3 ] Bug #2448652 - CVE-2026-27459 pyOpenSSL: DTLS cookie callback buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2448652

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9d5b9f45ec' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: pyOpenSSL
Product: Fedora 43
Version: 26.0.0
Release: 1.fc43
URL: https://www.pyopenssl.org/en/latest/
Summary: Python wrapper module around the OpenSSL library

Topics%20covered

Topics Covered

security advisory fedora buffer overflow OpenSSL python pyopenssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here