cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
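A caller-side guard for the condition described above, as an added example (not code from the cryptography project or from this bug report). The helper names `check_output_buffer` and `update_into_checked` are hypothetical, and `demo()` assumes the cryptography package is installed:

```python
"""Caller-side guard for Cipher.update_into output buffers (added example)."""


def check_output_buffer(buf, data_len, block_size_bytes):
    """Raise before any cipher call if buf is not a usable output buffer.

    update_into needs len(data) + block_size - 1 bytes of writable space.
    """
    view = memoryview(buf)  # TypeError if buf lacks the buffer protocol
    if view.readonly:
        # bytes, read-only memoryviews and similar objects are rejected here
        raise TypeError(f"output buffer {type(buf).__name__} is read-only")
    if not view.c_contiguous:
        raise TypeError("output buffer must be C-contiguous")
    needed = data_len + block_size_bytes - 1
    if view.nbytes < needed:
        raise ValueError(f"output buffer has {view.nbytes} bytes, need {needed}")


def update_into_checked(ctx, data, out, block_size_bytes):
    """Hypothetical wrapper: validate out, then delegate to ctx.update_into."""
    check_output_buffer(out, len(data), block_size_bytes)
    return ctx.update_into(data, out)


def demo():
    """Run the wrapper against the real library (needs cryptography)."""
    import os
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    key, iv = os.urandom(32), os.urandom(16)  # constructed sample key and IV
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    data = b"A" * 32  # constructed sample plaintext, two AES blocks
    out = bytearray(len(data) + 15)
    written = update_into_checked(enc, data, out, 16)
    try:
        # An immutable bytes object is refused before the library sees it.
        update_into_checked(enc, data, bytes(len(out)), 16)
    except TypeError as exc:
        rejected = str(exc)
    return written, rejected


if __name__ == "__main__":
    print(demo())
```

The guard rejects read-only buffers regardless of the installed cryptography version, so callers behave the same before and after the package update.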
Created python-cryptography tracking bugs for this issue: Affects: fedora-36 [bug 2171820]
Created python-cryptography tracking bugs for this issue: Affects: fedora-37 [bug 2171826]
Hi ybuenos, we're currently adding python3.11-cryptography to [RHEL 8.8] and [RHEL 9.2]. Could you please create a CVE bug for these components so we can fix them before we release the packages?
[RHEL 8.8] https://issues.redhat.com/browse/RHELPLAN-143585
[RHEL 9.2] https://issues.redhat.com/browse/RHELPLAN-143619
Thank you!
FYI, RHEL 8.8 builds are blocked until rhbz#2172416 is resolved.
Created python-cryptography tracking bugs for this issue:
Affects: openstack-rdo [bug 2173564]
Created python-docker tracking bugs for this issue:
Affects: openstack-rdo [bug 2173565]
Created python3-cryptography tracking bugs for this issue:
Affects: epel-7 [bug 2173566]
Created ansible-lint tracking bugs for this issue:
Affects: fedora-all [bug 2173649]
Created centpkg tracking bugs for this issue:
Affects: epel-all [bug 2173643]
Affects: fedora-all [bug 2173650]
Created cura tracking bugs for this issue:
Affects: fedora-all [bug 2173651]
Created limnoria tracking bugs for this issue:
Affects: fedora-all [bug 2173652]
Created pypy tracking bugs for this issue:
Affects: fedora-all [bug 2173653]
Created pypy3.7 tracking bugs for this issue:
Affects: fedora-all [bug 2173654]
Created pypy3.8 tracking bugs for this issue:
Affects: fedora-all [bug 2173655]
Created pypy3.9 tracking bugs for this issue:
Affects: fedora-all [bug 2173656]
Created python-cryptography tracking bugs for this issue:
Affects: fedora-all [bug 2173657]
Created python-cryptography-vectors tracking bugs for this issue:
Affects: epel-all [bug 2173644]
Created python-docker tracking bugs for this issue:
Affects: epel-all [bug 2173645]
Affects: fedora-all [bug 2173658]
Created python-molecule tracking bugs for this issue:
Affects: fedora-all [bug 2173659]
Created python-play-scraper tracking bugs for this issue:
Affects: fedora-all [bug 2173660]
Created python-rpi-gpio2 tracking bugs for this issue:
Affects: fedora-all [bug 2173661]
Created python-stem tracking bugs for this issue:
Affects: fedora-all [bug 2173662]
Created python-types-cryptography tracking bugs for this issue:
Affects: fedora-all [bug 2173663]
Created python-uvicorn tracking bugs for this issue:
Affects: fedora-all [bug 2173664]
Created python3-cryptography tracking bugs for this issue:
Affects: epel-all [bug 2173646]
Created python3-cryptography-vectors tracking bugs for this issue:
Affects: epel-all [bug 2173647]
Created python3-docker tracking bugs for this issue:
Affects: epel-all [bug 2173648]
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 8 Red Hat Ansible Automation Platform 2.4 for RHEL 9 Via RHSA-2023:4693 https://access.redhat.com/errata/RHSA-2023:4693
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2023:4971 https://access.redhat.com/errata/RHSA-2023:4971
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6615 https://access.redhat.com/errata/RHSA-2023:6615
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:6793 https://access.redhat.com/errata/RHSA-2023:6793
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7096 https://access.redhat.com/errata/RHSA-2023:7096
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2023:7341 https://access.redhat.com/errata/RHSA-2023:7341