SUSE-SU-2021:0675-1

UNKNOWN

Security update for python-cryptography

Published Mar 2, 2021

Modified 5 years ago

Fix available

Details

This update for python-cryptography fixes the following issues:

CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066).

Affected Packages

python-cryptography

SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSS

Fixed in:

2.1.4-7.34.1

python3-cryptography

SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSS

Fixed in:

2.1.4-7.34.1

References

REPORT

https://bugzilla.suse.com/1182066

WEB

https://www.suse.com/security/cve/CVE-2020-36242

ADVISORY

https://www.suse.com/support/update/announcement/2021/suse-su-20210675-1/

Upstream

CVE-2020-36242

Ecosystems(16)

SUSE HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS

Timeline

PublishedMar 2, 2021

ModifiedMar 2, 2021

SUSE-SU-2021:0675-1 | Mondoo Vulnerability Intelligence