Security
Headlines

Headlines Latest CVEs

Headline

GHSA-39hc-v87j-747x: Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography’s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.

If you are building cryptography source (“sdist”) then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

2 years ago

#vulnerability #ssl

pyca/cryptography’s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.

If you are building cryptography source (“sdist”) then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

References

GHSA-39hc-v87j-747x
pyca/cryptography@382e759
pyca/cryptography@cf2ada6

ghsa: Latest News

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

1 day ago

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

1 day ago

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

1 day ago

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

1 day ago

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

1 day ago