[3.8] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808)
CVE-2018-1000807: Use-after-free in X509 object handling
Python Cryptographic Authority pyopenssl version before 17.5.0 has a use-after-free vulnerability in X509 object handling. This can result in a denial of service or potentially even code execution.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
Patch:
https://github.com/pyca/pyopenssl/pull/723
CVE-2018-1000808: Failure to release memory before removing last reference in PKCS #12 Store
Python Cryptographic Authority pyopenssl version before 17.5.0 fails to release memory before removing last reference in PKCS #12 Store. This can result in a denial of service if memory runs low or is exhausted.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000808
Patch:
https://github.com/pyca/pyopenssl/pull/723
(from redmine: issue id 9866, created on 2019-01-18, closed on 2019-01-18)
- Relations:
- parent #9865 (closed)
- Changesets:
- Revision 8f415a0a by Natanael Copa on 2019-01-18T16:16:02Z:
main/py-openssl: security upgrade to 17.5.0
CVE-2018-1000807, CVE-2018-1000808
fixes #9866