2415408 – Update python-pytcryptodomex to >= 3.19.1 in EPEL-8 for CVE-2023-52323

Bug 2415408 - Update python-pytcryptodomex to >= 3.19.1 in EPEL-8 for CVE-2023-52323

Summary: Update python-pytcryptodomex to >= 3.19.1 in EPEL-8 for CVE-2023-52323

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	python-pycryptodomex
Sub Component:
Version:	epel8
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Mohamed El Morabity
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-17 16:44 UTC by David Mueller
Modified:	2026-01-12 00:36 UTC (History)
CC List:	2 users (show)
Fixed In Version:	python-pycryptodomex-3.21.0-1.el8
Clone Of:
Environment:
Last Closed:	2026-01-12 00:36:16 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	2257028	0	medium	NEW	CVE-2023-52323 pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex	2025-11-17 16:44:01 UTC

Description David Mueller 2025-11-17 16:44:01 UTC

Description of problem:

python-pycryptodomex for EPEL-8 is still version 3.10.1 and is thus affected by CVE-2023-52323. This CVE was fixed in version 3.19.1 so it needs to be updated to at least that version to resolve the CVE. EPEL-9 contains 3.20.0; 3.21.0 is the newest version that is viable for EPEL-8 since Python 3.6 support was removed in 3.22.0 per the upstream changelog: https://www.pycryptodome.org/src/changelog

This vulnerability was fixed in several RHEL packages that include pycryptodome in bug #2257028. 


Version-Release number of selected component (if applicable):

3.10.1

Comment 1 Fedora Update System 2026-01-03 03:42:09 UTC

FEDORA-EPEL-2026-4013949761 (python-pycryptodomex-3.21.0-1.el8) has been submitted as an update to Fedora EPEL 8.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4013949761

Comment 2 Fedora Update System 2026-01-04 01:17:56 UTC

FEDORA-EPEL-2026-4013949761 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4013949761

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 3 Fedora Update System 2026-01-12 00:36:16 UTC

FEDORA-EPEL-2026-4013949761 (python-pycryptodomex-3.21.0-1.el8) has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.