Bug 2172404
Summary: | CVE-2023-23931 python-cryptography: memory corruption via immutable objects [rhel-8] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Christian Heimes <cheimes> |
Component: | python-cryptography | Assignee: | Christian Heimes <cheimes> |
Status: | CLOSED ERRATA | QA Contact: | Michal Polovka <mpolovka> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.9 | CC: | frenaud, mpolovka, myusuf, ovasik, saroy, sumenon |
Target Milestone: | rc | Keywords: | Security, SecurityTracking, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | python-cryptography-3.2.1-6.el8 | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-11-14 15:48:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2172416 | ||
Bug Blocks: | 2171817, 2171823, 2175090 |
Description
Christian Heimes
2023-02-22 09:48:57 UTC
c8s pull request: https://gitlab.com/redhat/centos-stream/rpms/python-cryptography/-/merge_requests/11 Verified manually using nightly RHEL8.9 machine with python3-cffi-1.11.5-6.el8.x86_64 and python3-cryptography-3.2.1-6.el8.x86_64. # python3 Python 3.6.8 (default, Jan 23 2023, 22:31:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes >>> c = Cipher(algorithms.AES(os.urandom(16)), modes.ECB()) >>> encryptor = c.encryptor() >>> buf = b"\x00" * 32 >>> encryptor.update_into(b"\xff" * 16, buf) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 159, in update_into return self._ctx.update_into(data, buf) File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 138, in update_into baseoutbuf = self._backend._ffi.from_buffer(buf, require_writable=True) BufferError: Object is not writable. >>> buf == b"\x00" * 32 True Marking as Verified. *** Bug 2175092 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: python-cryptography security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:7096 |