Security update for python-cryptography, python-cryptography-vectors SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0604-1 Final 1 1 2023-03-02T14:52:43Z current 2023-03-02T14:52:43Z 2023-03-02T14:52:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-cryptography, python-cryptography-vectors This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). - update to 3.3.2 (bsc#1198331) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container ses/7.1/cephcsi/cephcsi:latest-2023-604,Container ses/7.1/rook/ceph:latest-2023-604,Image SLES15-SP2-SAP-Azure-LI-BYOS-Production-2023-604,Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production-2023-604,Image SLES15-SP3-CHOST-BYOS-Aliyun-2023-604,Image SLES15-SP3-CHOST-BYOS-Azure-2023-604,Image SLES15-SP3-CHOST-BYOS-EC2-2023-604,Image SLES15-SP3-CHOST-BYOS-SAP-CCloud-2023-604,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure-2023-604,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM-2023-604,Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE-2023-604,Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure-2023-604,Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM-2023-604,Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE-2023-604,Image SLES15-SP3-Micro-5-1-BYOS-Azure-2023-604,Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM-2023-604,Image SLES15-SP3-Micro-5-1-BYOS-GCE-2023-604,Image SLES15-SP3-Micro-5-2-BYOS-Azure-2023-604,Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM-2023-604,Image SLES15-SP3-Micro-5-2-BYOS-GCE-2023-604,Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2023-604,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2023-604,SUSE-2023-604,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-604,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-604,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-604,SUSE-SLE-Product-RT-15-SP3-2023-604,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-604,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-604,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-604,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-604,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-604,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-604,SUSE-SUSE-MicroOS-5.1-2023-604,SUSE-SUSE-MicroOS-5.2-2023-604,SUSE-Storage-7-2023-604,SUSE-Storage-7.1-2023-604 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230604-1/ Link for SUSE-SU-2023:0604-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/013960.html E-Mail link for SUSE-SU-2023:0604-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178168 SUSE Bug 1178168 https://bugzilla.suse.com/1182066 SUSE Bug 1182066 https://bugzilla.suse.com/1198331 SUSE Bug 1198331 https://bugzilla.suse.com/1199282 SUSE Bug 1199282 https://www.suse.com/security/cve/CVE-2020-25659/ SUSE CVE CVE-2020-25659 page https://www.suse.com/security/cve/CVE-2020-36242/ SUSE CVE CVE-2020-36242 page Container ses/7.1/cephcsi/cephcsi:latest Container ses/7.1/rook/ceph:latest Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-CHOST-BYOS-Aliyun Image SLES15-SP3-CHOST-BYOS-Azure Image SLES15-SP3-CHOST-BYOS-EC2 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE Image SLES15-SP3-Micro-5-1-BYOS-Azure Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-1-BYOS-GCE Image SLES15-SP3-Micro-5-2-BYOS-Azure Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM Image SLES15-SP3-Micro-5-2-BYOS-GCE Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 python3-cryptography-3.3.2-150200.16.1 python2-cryptography-3.3.2-150200.16.1 python2-cryptography-vectors-3.3.2-150200.3.6.1 python3-cryptography-vectors-3.3.2-150200.3.6.1 python3-cryptography-3.3.2-150200.16.1 as a component of Container ses/7.1/cephcsi/cephcsi:latest python3-cryptography-3.3.2-150200.16.1 as a component of Container ses/7.1/rook/ceph:latest python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-CHOST-BYOS-Aliyun python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-CHOST-BYOS-Azure python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-CHOST-BYOS-EC2 python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-CHOST-BYOS-SAP-CCloud python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE python2-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure python2-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM python2-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-Azure python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Micro-5-1-BYOS-GCE python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-Azure python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-Micro-5-2-BYOS-GCE python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production python3-cryptography-3.3.2-150200.16.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production python2-cryptography-3.3.2-150200.16.1 as a component of SUSE Enterprise Storage 7 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Enterprise Storage 7 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Enterprise Storage 7.1 python2-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Micro 5.1 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Micro 5.2 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Real Time 15 SP3 python2-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS python2-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Manager Proxy 4.2 python2-cryptography-3.3.2-150200.16.1 as a component of SUSE Manager Server 4.2 python3-cryptography-3.3.2-150200.16.1 as a component of SUSE Manager Server 4.2 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. CVE-2020-25659 Container ses/7.1/cephcsi/cephcsi:latest:python3-cryptography-3.3.2-150200.16.1 Container ses/7.1/rook/ceph:latest:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-EC2:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:python2-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:python2-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:python2-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 SUSE Enterprise Storage 7.1:python3-cryptography-3.3.2-150200.16.1 SUSE Enterprise Storage 7:python2-cryptography-3.3.2-150200.16.1 SUSE Enterprise Storage 7:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Micro 5.1:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Micro 5.2:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Real Time 15 SP3:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server 15 SP3-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-cryptography-3.3.2-150200.16.1 SUSE Manager Proxy 4.2:python3-cryptography-3.3.2-150200.16.1 SUSE Manager Server 4.2:python2-cryptography-3.3.2-150200.16.1 SUSE Manager Server 4.2:python3-cryptography-3.3.2-150200.16.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230604-1/ https://www.suse.com/security/cve/CVE-2020-25659.html CVE-2020-25659 https://bugzilla.suse.com/1178168 SUSE Bug 1178168 In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. CVE-2020-36242 Container ses/7.1/cephcsi/cephcsi:latest:python3-cryptography-3.3.2-150200.16.1 Container ses/7.1/rook/ceph:latest:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-Aliyun:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-EC2:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-CHOST-BYOS-SAP-CCloud:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:python2-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:python2-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:python2-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-1-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-1-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-2-BYOS-Azure:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-Micro-5-2-BYOS-GCE:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:python3-cryptography-3.3.2-150200.16.1 SUSE Enterprise Storage 7.1:python3-cryptography-3.3.2-150200.16.1 SUSE Enterprise Storage 7:python2-cryptography-3.3.2-150200.16.1 SUSE Enterprise Storage 7:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Micro 5.1:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Micro 5.2:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Real Time 15 SP3:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server 15 SP3-LTSS:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-3.3.2-150200.16.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-cryptography-3.3.2-150200.16.1 SUSE Manager Proxy 4.2:python3-cryptography-3.3.2-150200.16.1 SUSE Manager Server 4.2:python2-cryptography-3.3.2-150200.16.1 SUSE Manager Server 4.2:python3-cryptography-3.3.2-150200.16.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230604-1/ https://www.suse.com/security/cve/CVE-2020-36242.html CVE-2020-36242 https://bugzilla.suse.com/1182066 SUSE Bug 1182066