All errata/p10/ALT-PU-2024-17878-3
ALT-PU-2024-17878-3

Package update python3-module-certifi in branch p10

Version2024.8.30-alt1
Task#364853
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (8)

BDU:2023-05463
HIGH7.5

Уязвимость корневых сертификатов e-Tugra пакета для проверки надежности сертификатов SSL Certifi, позволяющая нарушителю реализовать атаку типа «человек посередине»

Published: 2023-09-12Modified: 2025-11-19
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
References
BDU:2024-07771
HIGH7.5

Уязвимость пакета для проверки надежности сертификатов SSL Certifi, связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю оказать влияние на целостность защищаемой информации

Published: 2024-10-04
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
References
CVE-2022-23491
HIGH7.5

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Published: 2022-12-07Modified: 2025-02-12
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References
CVE-2023-37920
CRITICAL9.8

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Published: 2023-07-25Modified: 2025-02-13
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2024-39689
HIGH7.5

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

Published: 2024-07-05Modified: 2025-02-15
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References
GHSA-248v-346w-9cwc
NONE

Certifi removes GLOBALTRUST root certificate

Published: 2024-07-05Modified: 2025-02-13
References
GHSA-43fp-rhv2-5gv8
MEDIUM5.9

Certifi removing TrustCor root certificate

Published: 2022-12-08Modified: 2025-02-12
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
CVSS 4.0MEDIUM 5.9
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References
GHSA-xqr8-7jwr-rhp7
HIGH7.5

Removal of e-Tugra root certificate

Published: 2023-07-25Modified: 2025-02-13
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References