Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.0790.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:0790-1)
Summary:The remote host is missing an update for the 'python-cffi, python-cryptography, python-xattr' package(s) announced via the SUSE-SU-2020:0790-1 advisory.
Description:Summary:
The remote host is missing an update for the 'python-cffi, python-cryptography, python-xattr' package(s) announced via the SUSE-SU-2020:0790-1 advisory.

Vulnerability Insight:
This update for python-cffi, python-cryptography and python-xattr fixes the following issues:

Security issue fixed:

CVE-2018-10903: Fixed GCM tag forgery via truncated tag in
finalize_with_tag API (bsc#1101820).

Non-security issues fixed:

python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598):

fixed a build failure on i586 (bsc#1111657)

Salt was unable to highstate in snapshot 20171129 (bsc#1070737)

Update pytest in spec to add c directory tests in addition to testing
directory.

Update to 1.11.1:

Fix tests, remove deprecated C API usage

Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions
(cpython issue #29943)

Fix for 3.7.0a1+

Update to 1.11.0:

Support the modern standard types char16_t and char32_t. These work like
wchar_t: they represent one unicode character, or when used as charN_t *
or charN_t[] they represent a unicode string. The difference with
wchar_t is that they have a known, fixed size. They should work at all
places that used to work with wchar_t (please report an issue if I
missed something). Note that with set_source(), you need to make sure
that these types are actually defined by the C source you provide (if
used in cdef()).

Support the C99 types float _Complex and double _Complex. Note that
libffi doesn't support them, which means that in the ABI mode you still
cannot call C functions that take complex numbers directly as arguments
or return type.

Fixed a rare race condition when creating multiple FFI instances from
multiple threads. (Note that you aren't meant to create many FFI
instances: in inline mode, you should write ffi = cffi.FFI() at module
level just after import cffi, and in
out-of-line mode you don't instantiate FFI explicitly at all.)

Windows: using callbacks can be messy because the CFFI internal error
messages show up to stderr-but stderr goes nowhere in many applications.
This makes it particularly hard to get started with the embedding mode.
(Once you get started, you can at least use @ffi.def_extern(onerror=...)
and send the error logs where it makes sense for your application, or
record them in log files, and so on.) So what is new in CFFI is that
now, on Windows CFFI will try to open a non-modal MessageBox (in
addition to sending raw messages to stderr). The MessageBox is only
visible if the process stays alive: typically, console applications that
crash close immediately, but that is also the situation where stderr
should be visible anyway.

Progress on support for callbacks in NetBSD.

Functions returning booleans would in some case still return 0
or 1 instead of False or True. Fixed.

ffi.gc() now takes an optional third parameter, which gives an estimate
of the size (in bytes) of the object. So far, this is
only used by PyPy, to make the next GC occur more quickly (issue #320).
In the future, this might have an effect on CPython too (provided ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'python-cffi, python-cryptography, python-xattr' package(s) on SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server for SAP 12-SP1, SUSE OpenStack Cloud 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-10903
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.