Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.4.2020.0792.1 |
Kategorie: | SuSE Local Security Checks |
Titel: | SUSE: Security Advisory (SUSE-SU-2020:0792-1) |
Zusammenfassung: | The remote host is missing an update for the 'python-cffi, python-cryptography' package(s) announced via the SUSE-SU-2020:0792-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'python-cffi, python-cryptography' package(s) announced via the SUSE-SU-2020:0792-1 advisory. Vulnerability Insight: This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): fixed a build failure on i586 (bsc#1111657) Salt was unable to highstate in snapshot 20171129 (bsc#1070737) Update pytest in spec to add c directory tests in addition to testing directory. update to version 1.11.2: * Fix Windows issue with managing the thread-state on CPython 3.0 to 3.5 Update pytest in spec to add c directory tests in addition to testing directory. Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn't support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren't meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi, and in out-of-line mode you don't instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr-but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'python-cffi, python-cryptography' package(s) on HPE Helion Openstack 8, SUSE CaaS Platform 3.0, SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-10903 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |