Packages
- python-cryptography - Cryptography Python library
Details
It was discovered that the python-cryptography Cipher.update_into function
would incorrectly accept objects with immutable buffers. This would result
in corrupted output, contrary to expectations. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931)
It was dicovered that python-cryptography incorrectly handled loading
certain PKCS7 certificates. A remote attacker could possibly use this
issue to cause python-cryptography to crash, resulting in a denial of
service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and
Ubuntu 23.10. (CVE-2023-49083)
It was discovered that the python-cryptography Cipher.update_into function
would incorrectly accept objects with immutable buffers. This would result
in corrupted output, contrary to expectations. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931)
It was dicovered that python-cryptography incorrectly handled loading
certain PKCS7 certificates. A remote attacker could possibly use this
issue to cause python-cryptography to crash, resulting in a denial of
service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and
Ubuntu 23.10. (CVE-2023-49083)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 23.10 mantic | python3-cryptography – 38.0.4-4ubuntu0.23.10.1 | ||
| 23.04 lunar | python3-cryptography – 38.0.4-2ubuntu0.1 | ||
| 22.04 jammy | python3-cryptography – 3.4.8-1ubuntu2.1 | ||
| 20.04 focal | python-cryptography – 2.8-3ubuntu0.2 | ||
| python3-cryptography – 2.8-3ubuntu0.2 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.