Hi,

On 07/12/2023 at 12:58, Narpat Mali via lists.openembedded.org wrote:
> From: Narpat Mali <narpat.m...@windriver.com>
>
> cryptography is a package designed to expose cryptographic primitives
> and recipes to Python developers. Calling `load_pem_pkcs7_certificates`
> or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference
> and segfault. Exploitation of this vulnerability poses a serious risk of
> Denial of Service (DoS) for any application attempting to deserialize a
> PKCS7 blob/certificate. The consequences extend to potential disruptions
> in system availability and stability. This vulnerability has been patched
> in version 41.0.6.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2023-49083
> https://security-tracker.debian.org/tracker/CVE-2023-49083
>
> Signed-off-by: Narpat Mali <narpat.m...@windriver.com>
FYI, this is a patch for the mickledore branch, but this branch is EOL (end-of-life).

See:
https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS#LTS_.E2.80.9CMixin.E2.80.9D_repositories
https://wiki.yoctoproject.org/wiki/Releases

Regards,
--
Yoann Congal
Smile ECS - Tech Expert
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#191947): https://lists.openembedded.org/g/openembedded-core/message/191947
Mute This Topic: https://lists.openembedded.org/mt/103032561/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-