Overview

File _patchinfo of Package patchinfo.9233

<patchinfo incident="9233">
  <category>security</category>
  <rating>important</rating>
  <packager>msmeissn</packager>
  <summary>Security update for python-cryptography, python-pyOpenSSL</summary>
  <description>
This update for python-cryptography, python-pyOpenSSL fixes the following issues:

Security issues fixed:

- CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634)
- CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635)

- avoid bad interaction with python-cryptography package. (bsc#1021578)

  </description>
  <issue id="2018-1000807" tracker="cve"/>
  <issue id="2018-1000808" tracker="cve"/>
  <issue id="1111634" tracker="bnc">VUL-1: CVE-2018-1000808: python-pyOpenSSL: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store</issue>
  <issue id="1111635" tracker="bnc">VUL-0: CVE-2018-1000807: python-pyOpenSSL: Use After Free vulnerability in X509 object handling</issue>
  <issue id="1021578" tracker="bnc">Bug in the version of PyOpenSSL installed in OpenSUSE LEAP 42.3.</issue>
</patchinfo>
openSUSE Build Service is sponsored by
Places