|
|
Log in / Subscribe / Register

Ubuntu alert USN-8087-3 (python-cryptography)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8087-3] python-cryptography vulnerability


Date:
              Wed, 29 Apr 2026 06:29:08 +0000


Message-ID:
              <E1wHyQ0-0004gE-NE@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8087-3
April 28, 2026

python-cryptography vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

python-cryptography could be made to expose sensitive information over the
network.

Software Description:
- python-cryptography: Cryptography Python library

Details:

USN-8087-1 fixed a vulnerability in python-cryptography. This update
provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
and Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that python-cryptography incorrectly handled subgroup
 validation for SECT curves. A remote attacker could use this issue to
 perform a subgroup attack and possibly recover the least significant bits
 of private keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  python-cryptography             2.8-3ubuntu0.3+esm2
                                  Available with Ubuntu Pro
  python3-cryptography            2.8-3ubuntu0.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python-cryptography             2.1.4-1ubuntu1.4+esm3
                                  Available with Ubuntu Pro
  python3-cryptography            2.1.4-1ubuntu1.4+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-cryptography             1.2.3-1ubuntu0.3+esm3
                                  Available with Ubuntu Pro
  python3-cryptography            1.2.3-1ubuntu0.3+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8087-3
  https://ubuntu.com/security/notices/USN-8087-2
  https://ubuntu.com/security/notices/USN-8087-1
  CVE-2026-26007




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnxhlsACgkQcpJm3tlz
hgGMlA/8CfBKG1jdXP3X3U4CsL24lKJQ5aVl/8tff1f93FoB3Q5papDwfFkXHhjx
4sa/p/xQu/svfim0IT1Koh/rUtRNFeG7YeyGZb34cBSfdU51q4YDpb8d0eQKscUg
+4xNWVOWyA5L4eGCHaSpPhbW793R4bfHScNM2P3N9hq1IeS6NBaRZQOEF7l3eNEC
cJ/cH/p45CCQ3KjuUXV7RygYn0l7wLO4ykU84uZPA0REqxP1Ggb3/ALPfZUiDV65
Zbiy+xFGFL/6sG8UzVSzjCutqa1UffG7RtVNrZCLC0qTvreQG+XCilKG2iCmHXTJ
PeVWjAMs6StvroSu8aPxEivvSs4DHwTs5kod54GVRJlcLuNDivRxsQhGNAkP/iZC
5pkEaTN5Av0VDBJYwaaPV8Pa4EOX/rzas3RYrQpMP3YNq7DYucXy964XdK+wMx71
AzUFwEsFY4A2IEal1haFOQ4Hbefn50Ia2vcxNhD2e/3RWpty+5dBHbAY6Bf3t7h0
EiKxJmhoHditb+2oSscXueTIYEk9MjAi26KNszYzIUxKEpduoybYILsF84nJgT04
H+jnYjKFy8aDB4xjz+MsOix8ztprXZ2AiUrWUXqHHEEp4Gt1F48GfwTpefODDr2j
c3dBpIAap6bvN2dmM7f+sJXljlqmpVL21RnUDlpA84H9vm1SRa0=
=lUfU
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds