MGASA-2018-0429
- Source
- https://advisories.mageia.org/MGASA-2018-0429.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0429.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2018-0429
- Related
- Published
- 2018-11-03T11:55:18Z
- Modified
- 2018-11-10T11:33:05Z
- Summary
- Updated python-cryptography packages fix security vulnerability
- Details
-
The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue:
The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage (CVE-2018-10903).
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:6 / python-cryptography
Package
- Name
- python-cryptography
- Purl
- pkg:rpm/mageia/python-cryptography?arch=source&distro=mageia-6
Mageia:6 / python-cryptography-vectors
Package
- Name
- python-cryptography-vectors
- Purl
- pkg:rpm/mageia/python-cryptography-vectors?arch=source&distro=mageia-6
Mageia:6 / python-asn1crypto
Package
- Name
- python-asn1crypto
- Purl
- pkg:rpm/mageia/python-asn1crypto?arch=source&distro=mageia-6
Mageia:6 / python-cffi
Package
- Name
- python-cffi
- Purl
- pkg:rpm/mageia/python-cffi?arch=source&distro=mageia-6