Security update for python-cryptography, python-pyOpenSSL
This update for python-cryptography, python-pyOpenSSL fixes the following issues:
Security issues fixed:
- CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634)
- CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635)
This update also contains the following tracked bug fixes:
- avoid bad interaction with python-cryptography package. (bsc#1021578)
- Avoid regression accessesing non-existing attribute _from_raw_x509_ptr in object X509 (bsc#1119077)
- Add python-setuptools as a requirement. (bsc#1052927)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Marcus Meissner (msmeissn)
Fixed bugs
bnc#1052927
python-cryptography requires dependency to python-setuptools
bnc#1111634
VUL-1: CVE-2018-1000808: python-pyOpenSSL: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store
bnc#1111635
VUL-0: CVE-2018-1000807: python-pyOpenSSL: Use After Free vulnerability in X509 object handling
bnc#1021578
Bug in the version of PyOpenSSL installed in OpenSUSE LEAP 42.3.
bnc#1119077
L3: python-pyOpenSSL accesses non-existing attribute _from_raw_x509_ptr in object X509
