[3.7] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808) (#9867) · Issues · alpine / aports

[3.7] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808)

CVE-2018-1000807: Use-after-free in X509 object handling

Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability
in X509 object handling. This can result in a denial of service or potentially even code execution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-1000807

Patch:

https://github.com/pyca/pyopenssl/pull/723

CVE-2018-1000808: Failure to release memory before removing last reference in PKCS #12 (closed) Store

Python Cryptographic Authority pyopenssl version before 17.5.0 fails to release memory before removing last reference
in PKCS #12 (closed) Store. This can result in a Denial of service if memory runs low or is exhausted.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-1000808

Patch:

https://github.com/pyca/pyopenssl/pull/723

(from redmine: issue id 9867, created on 2019-01-18, closed on 2019-01-18)

Relations:
- parent #9865 (closed)
Changesets:
- Revision 2b8672c5 by Natanael Copa on 2019-01-18T16:20:56Z:

main/py-openssl: security upgrade to 17.5.0

CVE-2018-1000807, CVE-2018-1000808

fixes #9867

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information