Security update for python-pyOpenSSL SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1626-1 Final 1 1 2024-05-13T14:27:00Z current 2024-05-13T14:27:00Z 2024-05-13T14:27:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-pyOpenSSL This update for python-pyOpenSSL fixes the following issues: - CVE-2018-1000807: Fixed a use-after-free in X509 object handling (bsc#1111635) - CVE-2018-1000808: Fixed a use-after-free in PKCS #12 Store (bsc#1111634) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2024-1626,Image SLES12-SP5-Azure-Basic-On-Demand-2024-1626,Image SLES12-SP5-Azure-HPC-BYOS-2024-1626,Image SLES12-SP5-Azure-HPC-On-Demand-2024-1626,Image SLES12-SP5-Azure-SAP-BYOS-2024-1626,Image SLES12-SP5-Azure-SAP-On-Demand-2024-1626,Image SLES12-SP5-Azure-Standard-On-Demand-2024-1626,Image SLES12-SP5-EC2-BYOS-2024-1626,Image SLES12-SP5-EC2-ECS-On-Demand-2024-1626,Image SLES12-SP5-EC2-On-Demand-2024-1626,Image SLES12-SP5-EC2-SAP-BYOS-2024-1626,Image SLES12-SP5-EC2-SAP-On-Demand-2024-1626,Image SLES12-SP5-GCE-BYOS-2024-1626,Image SLES12-SP5-GCE-On-Demand-2024-1626,Image SLES12-SP5-GCE-SAP-BYOS-2024-1626,Image SLES12-SP5-GCE-SAP-On-Demand-2024-1626,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-1626,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-1626,SUSE-2024-1626,SUSE-SLE-SERVER-12-SP5-2024-1626 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241626-1/ Link for SUSE-SU-2024:1626-1 https://lists.suse.com/pipermail/sle-updates/2024-May/035247.html E-Mail link for SUSE-SU-2024:1626-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1021578 SUSE Bug 1021578 https://bugzilla.suse.com/1111634 SUSE Bug 1111634 https://bugzilla.suse.com/1111635 SUSE Bug 1111635 https://www.suse.com/security/cve/CVE-2018-1000807/ SUSE CVE CVE-2018-1000807 page https://www.suse.com/security/cve/CVE-2018-1000808/ SUSE CVE CVE-2018-1000808 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 python-pyOpenSSL-17.1.0-4.26.1 python3-pyOpenSSL-17.1.0-4.26.1 python-pyOpenSSL-doc-17.1.0-4.26.1 python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-BYOS python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-On-Demand python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand python3-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production python-pyOpenSSL-17.1.0-4.26.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production python-pyOpenSSL-17.1.0-4.26.1 as a component of SUSE Linux Enterprise Server 12 SP5 python3-pyOpenSSL-17.1.0-4.26.1 as a component of SUSE Linux Enterprise Server 12 SP5 python-pyOpenSSL-17.1.0-4.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 python3-pyOpenSSL-17.1.0-4.26.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. CVE-2018-1000807 Image SLES12-SP5-Azure-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-HPC-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-ECS-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server 12 SP5:python-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server 12 SP5:python3-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-pyOpenSSL-17.1.0-4.26.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241626-1/ https://www.suse.com/security/cve/CVE-2018-1000807.html CVE-2018-1000807 https://bugzilla.suse.com/1111634 SUSE Bug 1111634 https://bugzilla.suse.com/1111635 SUSE Bug 1111635 Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. CVE-2018-1000808 Image SLES12-SP5-Azure-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-HPC-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-ECS-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-EC2-SAP-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-BYOS:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-BYOS:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-GCE-SAP-On-Demand:python3-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-pyOpenSSL-17.1.0-4.26.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server 12 SP5:python-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server 12 SP5:python3-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-pyOpenSSL-17.1.0-4.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-pyOpenSSL-17.1.0-4.26.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241626-1/ https://www.suse.com/security/cve/CVE-2018-1000808.html CVE-2018-1000808 https://bugzilla.suse.com/1111634 SUSE Bug 1111634 https://bugzilla.suse.com/1111635 SUSE Bug 1111635