Amazon Linux 2023 Security Advisory: ALAS-2023-446
Advisory Release Date: 2023-12-06 07:45 Pacific
Advisory Updated Date: 2023-12-14 21:43 Pacific
Severity:
Medium
Issue Overview:
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. (CVE-2023-49083)
Affected Packages:
python-cryptography
Issue Correction:
Run dnf update python-cryptography --releasever 2023.3.20231211 to update your system.
New Packages:
aarch64:
python3-cryptography-debuginfo-36.0.1-1.amzn2023.0.5.aarch64
python-cryptography-debugsource-36.0.1-1.amzn2023.0.5.aarch64
python3-cryptography-36.0.1-1.amzn2023.0.5.aarch64
src:
python-cryptography-36.0.1-1.amzn2023.0.5.src
x86_64:
python3-cryptography-debuginfo-36.0.1-1.amzn2023.0.5.x86_64
python-cryptography-debugsource-36.0.1-1.amzn2023.0.5.x86_64
python3-cryptography-36.0.1-1.amzn2023.0.5.x86_64