Mageia alert MGASA-2015-0460 (python-cryptography)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2015-0460: Updated python-cryptography packages fix security vulnerability 
Date:
    	     
 
Sat, 28 Nov 2015 00:11:50 +0100
Message-ID:
    	     
 
<20151127231151.047CF5D471@valstar.mageia.org>
MGASA-2015-0460 - Updated python-cryptography packages fix security vulnerability

Publication date: 27 Nov 2015
URL: http://advisories.mageia.org/MGASA-2015-0460.html
Type: security
Affected Mageia releases: 5

Description:
The OpenSSL backend prior to 1.0.2 made extensive use of assertions to
check response codes where our tests could not trigger a failure. However,
when Python is run with -O these asserts are optimized away. If a user ran
Python with this flag and got an invalid response code this could result
in undefined behavior or worse (rhbz#1267548).

The python-cryptography and python-cryptography-vectors packages have been
updated to version 1.0.2 and python-pyasn1 has been updated to version
0.1.8, fixing this issue.

References:
- https://bugs.mageia.org/show_bug.cgi?id=17144
- https://lists.fedoraproject.org/pipermail/package-announc...
- https://lists.fedoraproject.org/pipermail/package-announc...

SRPMS:
- 5/core/python-cryptography-1.0.2-1.mga5
- 5/core/python-cryptography-vectors-1.0.2-1.mga5
- 5/core/python-pyasn1-0.1.8-1.mga5
- 5/core/python-idna-2.0-1.mga5
- 5/core/python-ipaddress-1.0.15-1.mga5
- 5/core/python-cffi-1.1.2-1.mga5