
Closed
Opened Jan 18, 2019 by Alicha CH (@alicha, Reporter)

[3.7] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808)

CVE-2018-1000807: Use-after-free in X509 object handling

Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability
in X509 object handling. This can result in a denial of service or potentially even code execution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-1000807

Patch:

https://github.com/pyca/pyopenssl/pull/723

CVE-2018-1000808: Failure to release memory before removing last reference in PKCS #12 Store

Python Cryptographic Authority pyopenssl version before 17.5.0 fails to release memory before removing last reference
in PKCS #12 Store. This can result in a Denial of service if memory runs low or is exhausted.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-1000808

Patch:

https://github.com/pyca/pyopenssl/pull/723

(from redmine: issue id 9867, created on 2019-01-18, closed on 2019-01-18)

  • Relations:
    • parent #9865 (closed)
  • Changesets:
    • Revision 2b8672c5 by Natanael Copa on 2019-01-18T16:20:56Z:
main/py-openssl: security upgrade to 17.5.0

CVE-2018-1000807, CVE-2018-1000808

fixes #9867
Milestone: 3.7.2
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#9867