ALT-PU-2016-3252-1
Package python-module-cryptography updated to version 1.6.0-alt1 for branch sisyphus in task 172620.
Closed vulnerabilities
Published: 2017-03-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- [oss-security] 20161109 Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string
- [oss-security] 20161109 Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string
- 94216
- 94216
- USN-3138-1
- USN-3138-1
- https://cryptography.io/en/latest/changelog
- https://cryptography.io/en/latest/changelog
- https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- https://github.com/pyca/cryptography/issues/3211
- https://github.com/pyca/cryptography/issues/3211
- FEDORA-2016-e77c8c1f3b
- FEDORA-2016-e77c8c1f3b
- FEDORA-2016-2d90e27e50
- FEDORA-2016-2d90e27e50
- FEDORA-2016-d3a2b640ce
- FEDORA-2016-d3a2b640ce