You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa pyOpenSSL

Sigurnosni nedostaci programskog paketa pyOpenSSL

==========================================================================
Ubuntu Security Notice USN-3813-1
November 08, 2018

pyopenssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in pyOpenSSL.

Software Description:
– pyopenssl: Python wrapper around the OpenSSL library

Details:

It was discovered that pyOpenSSL incorrectly handled memory when handling
X509 objects. A remote attacker could use this issue to cause pyOpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-1000807)

It was discovered that pyOpenSSL incorrectly handled memory when performing
operations on a PKCS #12 store. A remote attacker could possibly use this
issue to cause pyOpenSSL to consume resources, resulting in a denial of
service. (CVE-2018-1000808)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
python-openssl 0.15.1-2ubuntu0.2
python3-openssl 0.15.1-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3813-1
CVE-2018-1000807, CVE-2018-1000808

Package Information:
https://launchpad.net/ubuntu/+source/pyopenssl/0.15.1-2ubuntu0.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlvkTuQACgkQZWnYVadE
vpMNNhAAi+UctHC2a33qWCHd/zlKeqZwxYAo1ubqcoycVZpCfkI1glP2jvQEv25/
OU/6Xb+60ugoXIOUvulUE/DqerCcpXF7e4OSGp5UIdQSruqrDioPSKnrhFhcWL9e
NX1nPZKdsHHgP1sGtMkY8L42A5/x7zvUzFWFTWXjjQBkdDagxAk9ygY8/rPNlcQt
YwHjEoXEjoNmA6Ch+gSp5XW33g5G5QiOoP4SHOLTtuOzUkIsOeCKW1AYzTDJRkkN
NvNevS5GdvjLYAQwAwCEJCc31iGNF8fimQjCzN0RRsj6VvfMUpVY3pIo4a6Bs8S1
DZjs1vgwSFfbA/JG7tzBxQRDSvpUGdoyZm/bOTkmPt85fwJyP+LMvKJcleDSIcB0
vXGM2eezmsBoAuaXLfxP5aKDOhU9SO54NAqtmXPSaloVpmDU5b/xOnwDYCK1676N
N+RAIuNlkgKEgL8PlFgvRFLauyCoAdyU4XWUG+DkaQgwv7os0w7gu01miu3DRZNx
koi+18xCqxOguriC5e5fGzTSw3w8zVrjsoDGFfiQTjwYKt/uJOM3FeocihyXsL3r
drSVFaWY2BV9HqT1DVndZjBvui+xDXOWiptRUUvu3erXcckbJ3eQ4mQR06xJbmW8
X3wuflcw9UDL2lqGgA7/rVi3j2DYg2vYGfpDomKy+DmW7WYfe1I=
=AykU
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivost Cisco SMC softvera

Otkrivena je ranjivost kod Cisco Stealthwatch Management Console (SMC) softvera uzrokovana nesigurnom konfiguracijom sustava. Potencijalni neautenticirani udaljeni napadač ranjivost bi...

Close