Amazon Linux 2023: CVE-2023-49083: Medium priority package update for python-cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "load_pem_pkcs7_certificates" or "load_der_pkcs7_certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service (DoS) for any application aiming to deserialize a PKCS7 blob or certificate. The potential impact includes disruptions in system availability and stability.