- Vulnerability/
- USN-6539-1
USN-6539-1: python-cryptography vulnerabilities
First published: Wed Dec 06 2023(Updated: )
It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-23931) It was dicovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-49083)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-cryptography | <38.0.4-4ubuntu0.23.10.1 | 38.0.4-4ubuntu0.23.10.1 |
| Ubuntu Ubuntu | =23.10 | |
| All of | ||
| ubuntu/python3-cryptography | <38.0.4-2ubuntu0.1 | 38.0.4-2ubuntu0.1 |
| Ubuntu Ubuntu | =23.04 | |
| All of | ||
| ubuntu/python3-cryptography | <3.4.8-1ubuntu2.1 | 3.4.8-1ubuntu2.1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/python-cryptography | <2.8-3ubuntu0.2 | 2.8-3ubuntu0.2 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/python3-cryptography | <2.8-3ubuntu0.2 | 2.8-3ubuntu0.2 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-49083
- https://ubuntu.com/security/CVE-2023-23931
- https://launchpad.net/ubuntu/+source/python-cryptography/38.0.4-4ubuntu0.23.10.1
- https://launchpad.net/ubuntu/+source/python-cryptography/38.0.4-2ubuntu0.1
- https://launchpad.net/ubuntu/+source/python-cryptography/3.4.8-1ubuntu2.1
- https://launchpad.net/ubuntu/+source/python-cryptography/2.8-3ubuntu0.2
- https://ubuntu.com/security/notices/USN-6539-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of this advisory?
CVE-2023-23931
Which versions of Ubuntu are affected by this vulnerability?
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04
What is the remedy for Ubuntu 20.04 LTS?
Upgrade to version 2.8-3ubuntu0.2 of python-cryptography
What is the remedy for Ubuntu 22.04 LTS and Ubuntu 23.04?
Upgrade to version 3.4.8-1ubuntu2.1 of python3-cryptography
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following URLs: [CVE-2023-23931](https://ubuntu.com/security/CVE-2023-23931), [CVE-2023-49083](https://ubuntu.com/security/CVE-2023-49083), [python-cryptography](https://launchpad.net/ubuntu/+source/python-cryptography/38.0.4-4ubuntu0.23.10.1)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.10
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04