USN-6673-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-6673-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6673-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6673-2

Related

CVE-2023-50782
UBUNTU-CVE-2023-50782

Published

2024-03-14T08:59:53.800410Z

Modified

2024-03-14T08:59:53.800410Z

Summary

python-cryptography vulnerability

Details

USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. (CVE-2023-50782)

References

Affected packages

Ubuntu:Pro:16.04:LTS / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/ubuntu/python-cryptography@1.2.3-1ubuntu0.3+esm1?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3-1ubuntu0.3+esm1

Affected versions

1.*

1.0.1-1ubuntu1

1.0.2-1

1.1-1

1.1.1-1

1.1.1-1ubuntu1

1.1.1-1ubuntu2

1.1.1-1ubuntu3

1.2.2-2

1.2.3-1

1.2.3-1ubuntu0.1

1.2.3-1ubuntu0.2

1.2.3-1ubuntu0.3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "python-cryptography": "1.2.3-1ubuntu0.3+esm1",
            "python-cryptography-doc": "1.2.3-1ubuntu0.3+esm1",
            "python3-cryptography": "1.2.3-1ubuntu0.3+esm1"
        }
    ]
}