Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Mageia 8: 2023-0071 Moderate: Python-Cryptography Buffer Issue

mageia
Calendar Grey February 27, 2023
Dist Mageia Esm H88
The latest python-cryptography update tackles a significant security vulnerability, reinforcing the integrity of data, launched on March 5.
Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers

Summary

Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. (CVE-2023-23931)

References

- https://bugs.mageia.org/show_bug.cgi?id=31584

- https://lists.debian.org/debian-lts-announce/2023/02/msg00027.html

- https://www.cve.org/CVERecord?id=CVE-2023-23931

Resolution

SRPMS

- 8/core/python-cryptography-3.3.1-1.2.mga8

Severity
medium
Lowest
Low
Medium
High
Critical

Publication date: 27 Feb 2023
URL: https://advisories.mageia.org/MGASA-2023-0071.html
Type: security
CVE: CVE-2023-23931

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.