
Fedora 44 pyOpenSSL Important Buffer Overflow Fix CVE-2026-27459

fedora
March 31, 2026
Important Fedora 44 pyOpenSSL update fixes potential buffer overflow errors and enhances functionality.
Update to version 26.0.0. Added support for using aws-lc instead of OpenSSL.

Summary

High-level wrapper around a subset of the OpenSSL library. It includes, among others:

* SSL.Connection objects, wrapping the methods of Python's portable sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes

Update Information:

Update to version 26.0.0:

* Added support for using aws-lc instead of OpenSSL.
* Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
* Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
* Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448
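An application-side guard for the cookie length limit described above, as an added example that is not pyOpenSSL or Fedora code. It assumes DTLS1_COOKIE_LENGTH is 255 (the value in OpenSSL's headers); the names enforce_cookie_limit, make_cookie, verify_cookie and oversized_cookie are hypothetical, and a peer-address byte string stands in for whatever argument the real callback receives.

```python
import hashlib
import hmac
import os

# Assumption: 255 is the value of DTLS1_COOKIE_LENGTH in OpenSSL's headers;
# confirm it against the library your build links.
DTLS1_COOKIE_LENGTH = 255
_SECRET = os.urandom(32)  # per-process HMAC key (hypothetical key handling)


def enforce_cookie_limit(generate):
    """Wrap a cookie-generating callback so an oversized or non-bytes
    cookie raises in Python instead of reaching the TLS library."""
    def guarded(*args):
        cookie = generate(*args)
        if not isinstance(cookie, bytes):
            raise TypeError("DTLS cookie must be bytes")
        if len(cookie) > DTLS1_COOKIE_LENGTH:
            raise ValueError(
                f"DTLS cookie is {len(cookie)} bytes, limit is {DTLS1_COOKIE_LENGTH}")
        return cookie
    return guarded


@enforce_cookie_limit
def make_cookie(peer: bytes) -> bytes:
    """Stateless cookie: HMAC-SHA256 over the peer address, always 32 bytes."""
    return hmac.new(_SECRET, peer, hashlib.sha256).digest()


def verify_cookie(peer: bytes, cookie: bytes) -> bool:
    """Recompute the cookie for this peer and compare in constant time."""
    return hmac.compare_digest(make_cookie(peer), cookie)


@enforce_cookie_limit
def oversized_cookie(peer: bytes) -> bytes:
    """Constructed faulty callback: returns more bytes than the limit allows."""
    return peer * 64


if __name__ == "__main__":
    peer = b"192.0.2.10:4433"  # constructed sample peer (TEST-NET-1 address)
    cookie = make_cookie(peer)
    print(len(cookie), verify_cookie(peer, cookie))
    try:
        oversized_cookie(peer)
    except ValueError as exc:
        print("rejected:", exc)
```

A fixed-length MAC keeps the cookie well under the limit by construction; the wrapper catches callbacks that build cookies from variable-length input.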

Change Log

* Wed Mar 18 2026 Jeremy Cline - 26.0.0-1
- Update to v26.0.0
- Added support for using aws-lc instead of OpenSSL.
- Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
- Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
- Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

References

[1] Bug #2448652 - CVE-2026-27459 pyOpenSSL: DTLS cookie callback buffer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2448652

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5697f4e025' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: pyOpenSSL
Product: Fedora 44
Version: 26.0.0
Release: 1.fc44
Summary: Python wrapper module around the OpenSSL library
