vulnerability

Rocky Linux: CVE-2023-23931: python39-3.9-and-python39-devel-3.9 (RLSA-2024-2985)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published
02/07/2023
Added
06/17/2024
Modified
01/28/2025

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.

Solution(s)

rocky-upgrade-cython-debugsourcerocky-upgrade-numpy-debugsourcerocky-upgrade-python-cffi-debugsourcerocky-upgrade-python-cryptography-debugsourcerocky-upgrade-python-lxml-debugsourcerocky-upgrade-python-psutil-debugsourcerocky-upgrade-python-psycopg2-debugsourcerocky-upgrade-python39-cffirocky-upgrade-python39-cffi-debuginforocky-upgrade-python39-cryptographyrocky-upgrade-python39-cryptography-debuginforocky-upgrade-python39-cythonrocky-upgrade-python39-cython-debuginforocky-upgrade-python39-lxmlrocky-upgrade-python39-lxml-debuginforocky-upgrade-python39-mod_wsgirocky-upgrade-python39-numpyrocky-upgrade-python39-numpy-debuginforocky-upgrade-python39-numpy-f2pyrocky-upgrade-python39-psutilrocky-upgrade-python39-psutil-debuginforocky-upgrade-python39-psycopg2rocky-upgrade-python39-psycopg2-debuginforocky-upgrade-python39-psycopg2-docrocky-upgrade-python39-psycopg2-testsrocky-upgrade-python39-pybind11rocky-upgrade-python39-pybind11-develrocky-upgrade-python39-pyyamlrocky-upgrade-python39-pyyaml-debuginforocky-upgrade-python39-scipyrocky-upgrade-python39-scipy-debuginforocky-upgrade-pyyaml-debugsourcerocky-upgrade-scipy-debugsource

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today