ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0429
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0429)
Resumen:	The remote host is missing an update for the 'python-asn1crypto, python-cffi, python-cryptography, python-cryptography-vectors' package(s) announced via the MGASA-2018-0429 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-asn1crypto, python-cffi, python-cryptography, python-cryptography-vectors' package(s) announced via the MGASA-2018-0429 advisory. Vulnerability Insight: The python-cryptography and python-cryptography-vectors packages have been updated to version 2.3.1 and fixes the following security issue: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage (CVE-2018-10903). Affected Software/OS: 'python-asn1crypto, python-cffi, python-cryptography, python-cryptography-vectors' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10903 RedHat Security Advisories: RHSA-2018:3600 https://access.redhat.com/errata/RHSA-2018:3600 https://usn.ubuntu.com/3720-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.