SUSE-RU-2022:4567-1

Source
https://www.suse.com/support/update/announcement/2022/suse-ru-20224567-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2022:4567-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-RU-2022:4567-1
Related
Published
2022-12-19T12:59:33Z
Modified
2022-12-19T12:59:33Z
Summary
Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors
Details

This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes:

python-cryptography:

  • Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
  • Refresh patches for new version
  • Using the Fernet class to symmetrically encrypt multi gigabyte values. (bsc#1182066, CVE-2020-36242) could result in an integer overflow and buffer overflow.

  • update to 2.9.2

    • 2.9.2 - 2020-04-22
      • Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
    • 2.9.1 - 2020-04-21
      • Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
    • 2.9 - 2020-04-02
      • BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
      • BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
      • BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
      • Removed support for calling publicbytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
      • BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514string() returns the RDNs as required by RFC 4514.
      • Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
      • Added support for parsing single_extensions in an OCSP response.
      • NameAttribute values can now be empty strings.

Changes in python-cryptography-vectors: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)

  • update to 2.9.2:
    • updated vectors for the cryptography 2.9.2 testing
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP1 / python-cryptography-vectors

Package

Name
python-cryptography-vectors
Purl
purl:rpm/suse/python-cryptography-vectors&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2-150000.3.7.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-cryptography-vectors": "2.9.2-150000.3.7.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-bcrypt

Package

Name
python-bcrypt
Purl
purl:rpm/suse/python-bcrypt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-150100.6.2.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-cffi

Package

Name
python-cffi
Purl
purl:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-150000.4.11.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-cryptography

Package

Name
python-cryptography
Purl
purl:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2-150100.7.8.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / python-bcrypt

Package

Name
python-bcrypt
Purl
purl:rpm/suse/python-bcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-150100.6.2.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / python-cffi

Package

Name
python-cffi
Purl
purl:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-150000.4.11.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / python-cryptography

Package

Name
python-cryptography
Purl
purl:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2-150100.7.8.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / python-bcrypt

Package

Name
python-bcrypt
Purl
purl:rpm/suse/python-bcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-150100.6.2.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / python-cffi

Package

Name
python-cffi
Purl
purl:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-150000.4.11.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / python-cryptography

Package

Name
python-cryptography
Purl
purl:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2-150100.7.8.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / python-bcrypt

Package

Name
python-bcrypt
Purl
purl:rpm/suse/python-bcrypt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-150100.6.2.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / python-cffi

Package

Name
python-cffi
Purl
purl:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-150000.4.11.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / python-cryptography

Package

Name
python-cryptography
Purl
purl:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2-150100.7.8.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-bcrypt

Package

Name
python-bcrypt
Purl
purl:rpm/suse/python-bcrypt&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-150100.6.2.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-cffi

Package

Name
python-cffi
Purl
purl:rpm/suse/python-cffi&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-150000.4.11.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}

SUSE:Enterprise Storage 6 / python-cryptography

Package

Name
python-cryptography
Purl
purl:rpm/suse/python-cryptography&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.2-150100.7.8.2

Ecosystem specific

{
    "binaries": [
        {
            "python2-bcrypt": "3.1.4-150100.6.2.1",
            "python2-cffi": "1.15.0-150000.4.11.2",
            "python2-cryptography": "2.9.2-150100.7.8.2",
            "python3-cffi": "1.15.0-150000.4.11.2",
            "python3-bcrypt": "3.1.4-150100.6.2.1",
            "python3-cryptography": "2.9.2-150100.7.8.2"
        }
    ]
}