Alma Linux: CVE-2023-23931: Moderate: python-cryptography security update (Multiple Advisories)

Alma Linux: CVE-2023-23931: Moderate: python-cryptography security update (Multiple Advisories)

Severity

6

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:P)

Published

02/07/2023

Created

11/17/2023

Added

11/16/2023

Modified

01/28/2025

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.

Solution(s)

• alma-upgrade-python3-cryptography
• alma-upgrade-python39
• alma-upgrade-python39-attrs
• alma-upgrade-python39-cffi
• alma-upgrade-python39-chardet
• alma-upgrade-python39-cryptography
• alma-upgrade-python39-cython
• alma-upgrade-python39-debug
• alma-upgrade-python39-devel
• alma-upgrade-python39-idle
• alma-upgrade-python39-idna
• alma-upgrade-python39-iniconfig
• alma-upgrade-python39-libs
• alma-upgrade-python39-lxml
• alma-upgrade-python39-mod_wsgi
• alma-upgrade-python39-more-itertools
• alma-upgrade-python39-numpy
• alma-upgrade-python39-numpy-doc
• alma-upgrade-python39-numpy-f2py
• alma-upgrade-python39-packaging
• alma-upgrade-python39-pip
• alma-upgrade-python39-pip-wheel
• alma-upgrade-python39-pluggy
• alma-upgrade-python39-ply
• alma-upgrade-python39-psutil
• alma-upgrade-python39-psycopg2
• alma-upgrade-python39-psycopg2-doc
• alma-upgrade-python39-psycopg2-tests
• alma-upgrade-python39-py
• alma-upgrade-python39-pybind11
• alma-upgrade-python39-pybind11-devel
• alma-upgrade-python39-pycparser
• alma-upgrade-python39-pymysql
• alma-upgrade-python39-pyparsing
• alma-upgrade-python39-pysocks
• alma-upgrade-python39-pytest
• alma-upgrade-python39-pyyaml
• alma-upgrade-python39-requests
• alma-upgrade-python39-rpm-macros
• alma-upgrade-python39-scipy
• alma-upgrade-python39-setuptools
• alma-upgrade-python39-setuptools-wheel
• alma-upgrade-python39-six
• alma-upgrade-python39-test
• alma-upgrade-python39-tkinter
• alma-upgrade-python39-toml
• alma-upgrade-python39-urllib3
• alma-upgrade-python39-wcwidth
• alma-upgrade-python39-wheel
• alma-upgrade-python39-wheel-wheel

References

• https://attackerkb.com/topics/cve-2023-23931
• CVE - 2023-23931
• https://errata.almalinux.org/8/ALSA-2023-7096.html
• https://errata.almalinux.org/8/ALSA-2024-2985.html
• https://errata.almalinux.org/9/ALSA-2023-6615.html