Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10903 (GCVE-0-2018-10903)
Vulnerability from cvelistv5
Published
2018-07-30 15:00
Modified
2024-08-05 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| [UNKNOWN] | python-cryptography |
Version: 2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"name": "USN-3720-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python-cryptography",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "2.3"
}
]
}
],
"datePublic": "2018-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T10:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:3600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"name": "USN-3720-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-cryptography",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3600",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"name": "USN-3720-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"name": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef",
"refsource": "CONFIRM",
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10903",
"datePublished": "2018-07-30T15:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10903\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-07-30T16:29:00.283\",\"lastModified\":\"2024-11-21T03:42:16.003\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un error en python-cryptography, desde la versi\u00f3n 1.9.0 hasta la 2.3. La API finalize_with_tag no forzaba una longitud de etiqueta m\u00ednima. Si un usuario no validaba la longitud de la entrada antes de pasarla a finalize_with_tag, un atacante podr\u00eda manipular una carga \u00fatil no v\u00e1lida con una etiqueta acortada (p.ej., 1 byte) para as\u00ed tener 1 posibilidad entre 256 de pasar la comprobaci\u00f3n MAC. Las falsificaciones de etiquetas GCM pueden provocar un filtrado de claves.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cryptography:python-cryptography:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.0\",\"versionEndExcluding\":\"2.3\",\"matchCriteriaId\":\"0D920298-3A63-41D5-A65F-C7DE174A306B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704CFA1A-953E-4105-BFBE-406034B83DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3600\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3720-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3720-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-fcf9-3qw3-gxmj
Vulnerability from github
Published
2018-07-31 18:28
Modified
2024-09-13 18:13
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
Summary
PyCA Cryptography vulnerable to GCM tag forgery
Details
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-10903"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:34:18Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"id": "GHSA-fcf9-3qw3-gxmj",
"modified": "2024-09-13T18:13:03Z",
"published": "2018-07-31T18:28:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903"
},
{
"type": "WEB",
"url": "https://github.com/pyca/cryptography/pull/4342"
},
{
"type": "WEB",
"url": "https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fcf9-3qw3-gxmj"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/cryptography"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3720-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "PyCA Cryptography vulnerable to GCM tag forgery"
}
fkie_cve-2018-10903
Vulnerability from fkie_nvd
Published
2018-07-30 16:29
Modified
2024-11-21 03:42
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:3600 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef | Patch, Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/3720-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3600 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3720-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cryptography | python-cryptography | * | |
| redhat | openstack | 13 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cryptography:python-cryptography:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D920298-3A63-41D5-A65F-C7DE174A306B",
"versionEndExcluding": "2.3",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage."
},
{
"lang": "es",
"value": "Se ha encontrado un error en python-cryptography, desde la versi\u00f3n 1.9.0 hasta la 2.3. La API finalize_with_tag no forzaba una longitud de etiqueta m\u00ednima. Si un usuario no validaba la longitud de la entrada antes de pasarla a finalize_with_tag, un atacante podr\u00eda manipular una carga \u00fatil no v\u00e1lida con una etiqueta acortada (p.ej., 1 byte) para as\u00ed tener 1 posibilidad entre 256 de pasar la comprobaci\u00f3n MAC. Las falsificaciones de etiquetas GCM pueden provocar un filtrado de claves."
}
],
"id": "CVE-2018-10903",
"lastModified": "2024-11-21T03:42:16.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-30T16:29:00.283",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3720-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2022:4044-1
Vulnerability from csaf_suse
Published
2022-11-17 08:07
Modified
2022-11-17 08:07
Summary
Security update for python-cryptography, python-cryptography-vectors
Notes
Title of the patch
Security update for python-cryptography, python-cryptography-vectors
Description of the patch
This update for python-cryptography, python-cryptography-vectors fixes the following issues:
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
* 2.9.2 - 2020-04-22
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
- Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
- Added support for parsing single_extensions in an OCSP response.
- NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
* updated vectors for the cryptography 2.9.2 testing
Patchnames
SUSE-2022-4044,SUSE-SLE-Module-Basesystem-15-SP3-2022-4044,SUSE-SLE-Module-Python2-15-SP3-2022-4044,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4044,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4044,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4044,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4044,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4044,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4044,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4044,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4044,SUSE-SUSE-MicroOS-5.1-2022-4044,SUSE-SUSE-MicroOS-5.2-2022-4044,SUSE-Storage-7-2022-4044,openSUSE-Leap-Micro-5.2-2022-4044,openSUSE-SLE-15.3-2022-4044
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-cryptography, python-cryptography-vectors",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-cryptography, python-cryptography-vectors fixes the following issues:\n\n- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)\n- Refresh patches for new version\n- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)\n- update to 2.9.2\n * 2.9.2 - 2020-04-22\n - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.\n * 2.9.1 - 2020-04-21\n - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.\n * 2.9 - 2020-04-02\n - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to\n low usage and maintenance burden.\n - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.\n Users on older version of OpenSSL will need to upgrade.\n - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.\n - Removed support for calling public_bytes() with no arguments, as per \n our deprecation policy. You must now pass encoding and format.\n - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()\n returns the RDNs as required by RFC 4514.\n - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.\n - Added support for parsing single_extensions in an OCSP response.\n - NameAttribute values can now be empty strings.\n\n- Add openSSL_111d.patch to make this version of the package\n compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.\n\n- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in\n finalize_with_tag API\n- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)\n- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)\n- update to 2.9.2:\n * updated vectors for the cryptography 2.9.2 testing\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4044,SUSE-SLE-Module-Basesystem-15-SP3-2022-4044,SUSE-SLE-Module-Python2-15-SP3-2022-4044,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4044,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4044,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4044,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4044,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4044,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4044,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4044,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4044,SUSE-SUSE-MicroOS-5.1-2022-4044,SUSE-SUSE-MicroOS-5.2-2022-4044,SUSE-Storage-7-2022-4044,openSUSE-Leap-Micro-5.2-2022-4044,openSUSE-SLE-15.3-2022-4044",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4044-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4044-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224044-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4044-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012962.html"
},
{
"category": "self",
"summary": "SUSE Bug 1101820",
"url": "https://bugzilla.suse.com/1101820"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE Bug 1176785",
"url": "https://bugzilla.suse.com/1176785"
},
{
"category": "self",
"summary": "SUSE Bug 1177083",
"url": "https://bugzilla.suse.com/1177083"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10903 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10903/"
}
],
"title": "Security update for python-cryptography, python-cryptography-vectors",
"tracking": {
"current_release_date": "2022-11-17T08:07:35Z",
"generator": {
"date": "2022-11-17T08:07:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4044-1",
"initial_release_date": "2022-11-17T08:07:35Z",
"revision_history": [
{
"date": "2022-11-17T08:07:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"product": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"product_id": "python2-cryptography-2.9.2-150200.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"product": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"product_id": "python3-cryptography-2.9.2-150200.13.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.9.2-150200.13.1.i586",
"product": {
"name": "python2-cryptography-2.9.2-150200.13.1.i586",
"product_id": "python2-cryptography-2.9.2-150200.13.1.i586"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.9.2-150200.13.1.i586",
"product": {
"name": "python3-cryptography-2.9.2-150200.13.1.i586",
"product_id": "python3-cryptography-2.9.2-150200.13.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"product": {
"name": "python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"product_id": "python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"product": {
"name": "python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"product_id": "python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"product": {
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"product_id": "python2-cryptography-2.9.2-150200.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"product": {
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"product_id": "python3-cryptography-2.9.2-150200.13.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.9.2-150200.13.1.s390x",
"product": {
"name": "python2-cryptography-2.9.2-150200.13.1.s390x",
"product_id": "python2-cryptography-2.9.2-150200.13.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.9.2-150200.13.1.s390x",
"product": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x",
"product_id": "python3-cryptography-2.9.2-150200.13.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"product": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"product_id": "python2-cryptography-2.9.2-150200.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"product": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"product_id": "python3-cryptography-2.9.2-150200.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 2 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Python 2 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Python 2 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python2:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise Module for Python 2 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 2 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Linux Enterprise Module for Python 2 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 2 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Linux Enterprise Module for Python 2 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 2 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Module for Python 2 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 2 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.9.2-150200.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python2-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch"
},
"product_reference": "python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.aarch64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.ppc64le"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.s390x"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.9.2-150200.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.x86_64"
},
"product_reference": "python3-cryptography-2.9.2-150200.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch"
},
"product_reference": "python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10903"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Proxy 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Proxy 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.s390x",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.s390x",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10903",
"url": "https://www.suse.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "SUSE Bug 1101820 for CVE-2018-10903",
"url": "https://bugzilla.suse.com/1101820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Proxy 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Proxy 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.s390x",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.s390x",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Enterprise Storage 7:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Enterprise Storage 7:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Module for Python 2 15 SP3:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Proxy 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Proxy 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Manager Server 4.1:python2-cryptography-2.9.2-150200.13.1.x86_64",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.s390x",
"SUSE Manager Server 4.1:python3-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.ppc64le",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.s390x",
"openSUSE Leap 15.3:python2-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python2-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.ppc64le",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.s390x",
"openSUSE Leap 15.3:python3-cryptography-2.9.2-150200.13.1.x86_64",
"openSUSE Leap 15.3:python3-cryptography-vectors-2.9.2-150200.3.3.1.noarch",
"openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.aarch64",
"openSUSE Leap Micro 5.2:python3-cryptography-2.9.2-150200.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-17T08:07:35Z",
"details": "important"
}
],
"title": "CVE-2018-10903"
}
]
}
suse-su-2018:3553-1
Vulnerability from csaf_suse
Published
2018-10-29 16:28
Modified
2018-10-29 16:28
Summary
Security update for python-cryptography
Notes
Title of the patch
Security update for python-cryptography
Description of the patch
This update for python-cryptography fixes the following issues:
- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag
length. If a user did not validate the input length prior to passing it to
finalize_with_tag an attacker could craft an invalid payload with a shortened
tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the
MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820)
Patchnames
HPE-Helion-OpenStack-8-2018-2517,SUSE-OpenStack-Cloud-8-2018-2517,SUSE-OpenStack-Cloud-Crowbar-8-2018-2517
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-cryptography",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-cryptography fixes the following issues:\n\n- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag\n length. If a user did not validate the input length prior to passing it to\n finalize_with_tag an attacker could craft an invalid payload with a shortened\n tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the\n MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2018-2517,SUSE-OpenStack-Cloud-8-2018-2517,SUSE-OpenStack-Cloud-Crowbar-8-2018-2517",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3553-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3553-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183553-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3553-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004808.html"
},
{
"category": "self",
"summary": "SUSE Bug 1101820",
"url": "https://bugzilla.suse.com/1101820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10903 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10903/"
}
],
"title": "Security update for python-cryptography",
"tracking": {
"current_release_date": "2018-10-29T16:28:06Z",
"generator": {
"date": "2018-10-29T16:28:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3553-1",
"initial_release_date": "2018-10-29T16:28:06Z",
"revision_history": [
{
"date": "2018-10-29T16:28:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-2.0.3-3.3.1.x86_64",
"product": {
"name": "python-cryptography-2.0.3-3.3.1.x86_64",
"product_id": "python-cryptography-2.0.3-3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.0.3-3.3.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-cryptography-2.0.3-3.3.1.x86_64"
},
"product_reference": "python-cryptography-2.0.3-3.3.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.0.3-3.3.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-cryptography-2.0.3-3.3.1.x86_64"
},
"product_reference": "python-cryptography-2.0.3-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.0.3-3.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.0.3-3.3.1.x86_64"
},
"product_reference": "python-cryptography-2.0.3-3.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10903"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:python-cryptography-2.0.3-3.3.1.x86_64",
"SUSE OpenStack Cloud 8:python-cryptography-2.0.3-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.0.3-3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10903",
"url": "https://www.suse.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "SUSE Bug 1101820 for CVE-2018-10903",
"url": "https://bugzilla.suse.com/1101820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:python-cryptography-2.0.3-3.3.1.x86_64",
"SUSE OpenStack Cloud 8:python-cryptography-2.0.3-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.0.3-3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:python-cryptography-2.0.3-3.3.1.x86_64",
"SUSE OpenStack Cloud 8:python-cryptography-2.0.3-3.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.0.3-3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-29T16:28:06Z",
"details": "important"
}
],
"title": "CVE-2018-10903"
}
]
}
suse-su-2020:0792-1
Vulnerability from csaf_suse
Published
2020-03-25 14:14
Modified
2020-03-25 14:14
Summary
Security update for python-cffi, python-cryptography
Notes
Title of the patch
Security update for python-cffi, python-cryptography
Description of the patch
This update for python-cffi, python-cryptography fixes the following issues:
Security issue fixed:
- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820).
Non-security issues fixed:
python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598):
- fixed a build failure on i586 (bsc#1111657)
- Salt was unable to highstate in snapshot 20171129 (bsc#1070737)
- Update pytest in spec to add c directory tests in addition to
testing directory.
- update to version 1.11.2:
* Fix Windows issue with managing the thread-state on CPython 3.0 to
3.5
- Update pytest in spec to add c directory tests in addition to
testing directory.
- Omit test_init_once_multithread tests as they rely on multiple
threads finishing in a given time. Returns sporadic pass/fail
within build.
- Update to 1.11.1:
* Fix tests, remove deprecated C API usage
* Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary
extensions (cpython issue #29943)
* Fix for 3.7.0a1+
- Update to 1.11.0:
* Support the modern standard types char16_t and char32_t. These
work like wchar_t: they represent one unicode character, or when
used as charN_t * or charN_t[] they represent a unicode string.
The difference with wchar_t is that they have a known, fixed
size. They should work at all places that used to work with
wchar_t (please report an issue if I missed something). Note
that with set_source(), you need to make sure that these types
are actually defined by the C source you provide (if used in
cdef()).
* Support the C99 types float _Complex and double _Complex. Note
that libffi doesn't support them, which means that in the ABI
mode you still cannot call C functions that take complex
numbers directly as arguments or return type.
* Fixed a rare race condition when creating multiple FFI instances
from multiple threads. (Note that you aren't meant to create
many FFI instances: in inline mode, you should write
ffi = cffi.FFI() at module level just after import cffi; and in
out-of-line mode you don't instantiate FFI explicitly at all.)
* Windows: using callbacks can be messy because the CFFI internal
error messages show up to stderr-but stderr goes nowhere in many
applications. This makes it particularly hard to get started
with the embedding mode. (Once you get started, you can at least
use @ffi.def_extern(onerror=...) and send the error logs where
it makes sense for your application, or record them in log
files, and so on.) So what is new in CFFI is that now, on
Windows CFFI will try to open a non-modal MessageBox (in addition
to sending raw messages to stderr). The MessageBox is only
visible if the process stays alive: typically, console
applications that crash close immediately, but that is also the
situation where stderr should be visible anyway.
* Progress on support for callbacks in NetBSD.
* Functions returning booleans would in some case still return 0
or 1 instead of False or True. Fixed.
* ffi.gc() now takes an optional third parameter, which gives an
estimate of the size (in bytes) of the object. So far, this is
only used by PyPy, to make the next GC occur more quickly
(issue #320). In the future, this might have an effect on
CPython too (provided the CPython issue 31105 is addressed).
* Add a note to the documentation: the ABI mode gives function
objects that are slower to call than the API mode does. For
some reason it is often thought to be faster. It is not!
- Update to 1.10.1:
* Fixed the line numbers reported in case of cdef() errors. Also,
I just noticed, but pycparser always supported the preprocessor
directive # 42 'foo.h' to mean 'from the next line, we're in
file foo.h starting from line 42';, which it puts in the error
messages.
- update to 1.10.0:
* Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()
to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)
where most of the time you never touch most of the array.
* Some OS/X build fixes ('only with Xcode but without CLT';).
* Improve a couple of error messages: when getting mismatched versions of
cffi and its backend; and when calling functions which cannot be called with
libffi because an argument is a struct that is 'too complicated'; (and not
a struct pointer, which always works).
* Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)
* Implemented the remaining cases for ffi.from_buffer. Now all
buffer/memoryview objects can be passed. The one remaining check is against
passing unicode strings in Python 2. (They support the buffer interface, but
that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the
times not what you expect. In Python 3 this has been fixed and the unicode
strings don't support the memoryview interface any more.)
* The C type _Bool or bool now converts to a Python boolean when reading,
instead of the content of the byte as an integer. The potential
incompatibility here is what occurs if the byte contains a value different
from 0 and 1. Previously, it would just return it; with this change, CFFI
raises an exception in this case. But this case means 'undefined behavior';
in C; if you really have to interface with a library relying on this,
don't use bool in the CFFI side. Also, it is still valid to use a byte
string as initializer for a bool[], but now it must only contain \x00 or
\x01. As an aside, ffi.string() no longer works on bool[] (but it never made
much sense, as this function stops at the first zero).
* ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works
like before but is the constructor of that type.
* ffi.addressof(lib, 'name') now works also in in-line mode, not only in
out-of-line mode. This is useful for taking the address of global variables.
* Issue #255: cdata objects of a primitive type (integers, floats, char) are
now compared and ordered by value. For example, <cdata 'int' 42> compares
equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,
<cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it
compares smaller, because -1 < 4294967295.
* PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';,
causing the GC to run too infrequently if you call ffi.new() very often
and/or with large arrays. Fixed in PyPy 5.7.
* Support in ffi.cdef() for numeric expressions with + or -. Assumes that
there is no overflow; it should be fixed first before we add more general
support for arbitrary arithmetic on constants.
- do not generate HTML documentation for packages that are indirect
dependencies of Sphinx
(see docs at https://cffi.readthedocs.org/ )
- update to 1.9.1
- Structs with variable-sized arrays as their last field: now we track the
length of the array after ffi.new() is called, just like we always tracked
the length of ffi.new('int[]', 42). This lets us detect out-of-range
accesses to array items. This also lets us display a better repr(), and
have the total size returned by ffi.sizeof() and ffi.buffer(). Previously
both functions would return a result based on the size of the declared
structure type, with an assumed empty array. (Thanks andrew for starting
this refactoring.)
- Add support in cdef()/set_source() for unspecified-length arrays in
typedefs: typedef int foo_t[...];. It was already supported for global
variables or structure fields.
- I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has
no values explicitly defined: refusing to guess which integer type it is
meant to be (unsigned/signed, int/long). Now I'm turning it back to a
warning again; it seems that guessing that the enum has size int is a
99%-safe bet. (But not 100%, so it stays as a warning.)
- Fix leaks in the code handling FILE * arguments. In CPython 3 there is a
remaining issue that is hard to fix: if you pass a Python file object to a
FILE * argument, then os.dup() is used and the new file descriptor is only
closed when the GC reclaims the Python file object-and not at the earlier
time when you call close(), which only closes the original file descriptor.
If this is an issue, you should avoid this automatic convertion of Python
file objects: instead, explicitly manipulate file descriptors and call
fdopen() from C (...via cffi).
- When passing a void * argument to a function with a different pointer type,
or vice-versa, the cast occurs automatically, like in C. The same occurs
for initialization with ffi.new() and a few other places. However, I
thought that char * had the same property-but I was mistaken. In C you get
the usual warning if you try to give a char * to a char ** argument, for
example. Sorry about the confusion. This has been fixed in CFFI by giving
for now a warning, too. It will turn into an error in a future version.
- Issue #283: fixed ffi.new() on structures/unions with nested anonymous
structures/unions, when there is at least one union in the mix. When
initialized with a list or a dict, it should now behave more closely like
the { } syntax does in GCC.
- CPython 3.x: experimental: the generated C extension modules now use the
'limited API';, which means that, as a compiled .so/.dll, it should work
directly on any version of CPython >= 3.2. The name produced by distutils
is still version-specific. To get the version-independent name, you can
rename it manually to NAME.abi3.so, or use the very recent setuptools 26.
- Added ffi.compile(debug=...), similar to python setup.py build --debug but
defaulting to True if we are running a debugging version of Python itself.
- Removed the restriction that ffi.from_buffer() cannot be used on byte
strings. Now you can get a char * out of a byte string, which is valid as
long as the string object is kept alive. (But don't use it to modify the
string object! If you need this, use bytearray or other official
techniques.)
- PyPy 5.4 can now pass a byte string directly to a char * argument (in older
versions, a copy would be made). This used to be a CPython-only
optimization.
- ffi.gc(p, None) removes the destructor on an object previously created by
another call to ffi.gc()
- bool(ffi.cast('primitive type', x)) now returns False if the value is zero
(including -0.0), and True otherwise. Previously this would only return
False for cdata objects of a pointer type when the pointer is NULL.
- bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason
it was not supported was that it was hard to do in PyPy, but it works since
PyPy 5.3.) To call a C function with a char * argument from a buffer
object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)).
Additionally, this is now supported: p[0:length] = bytearray-object. The
problem with this was that a iterating over bytearrays gives numbers
instead of characters. (Now it is implemented with just a memcpy, of
course, not actually iterating over the characters.)
- C++: compiling the generated C code with C++ was supposed to work, but
failed if you make use the bool type (because that is rendered as the C
_Bool type, which doesn't exist in C++).
- help(lib) and help(lib.myfunc) now give useful information, as well as
dir(p) where p is a struct or pointer-to-struct.
- update for multipython build
- disable 'negative left shift' warning in test suite to prevent
failures with gcc6, until upstream fixes the undefined code
in question (bsc#981848)
- Update to version 1.6.0:
* ffi.list_types()
* ffi.unpack()
* extern 'Python+C';
* in API mode, lib.foo.__doc__ contains the C signature now.
* Yet another attempt at robustness of ffi.def_extern() against
CPython's interpreter shutdown logic.
- Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)
- Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
- Add proper conditional for the python2, the ifpython works only
for the requires/etc
- add missing dependency on python ssl
- update to version 2.1.4:
* Added X509_up_ref for an upcoming pyOpenSSL release.
- update to version 2.1.3:
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
OpenSSL 1.1.0g.
- update to version 2.1.2:
* Corrected a bug with the manylinux1 wheels where OpenSSL's stack
was marked executable.
- fix BuildRequires conditions for python3
- update to 2.1.1
- Fix cffi version requirement.
- Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478)
- update to 2.0.3
- update to 2.0.2
- update to 2.0
- update to 1.9
- add python-packaging to requirements explicitly instead of relying
on setuptools to pull it in
- Switch to singlespec approach
- update to 1.8.1
- Adust Requires and BuildRequires
Patchnames
HPE-Helion-OpenStack-8-2020-792,SUSE-2020-792,SUSE-OpenStack-Cloud-7-2020-792,SUSE-OpenStack-Cloud-8-2020-792,SUSE-OpenStack-Cloud-Crowbar-8-2020-792,SUSE-SLE-SAP-12-SP2-2020-792,SUSE-SLE-SAP-12-SP3-2020-792,SUSE-SLE-SERVER-12-SP2-2020-792,SUSE-SLE-SERVER-12-SP2-BCL-2020-792,SUSE-SLE-SERVER-12-SP3-2020-792,SUSE-SLE-SERVER-12-SP3-BCL-2020-792,SUSE-SLE-SERVER-12-SP4-2020-792,SUSE-SLE-SERVER-12-SP5-2020-792,SUSE-Storage-5-2020-792
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-cffi, python-cryptography",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-cffi, python-cryptography fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820).\n\nNon-security issues fixed:\n\npython-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598):\n\n- fixed a build failure on i586 (bsc#1111657)\n- Salt was unable to highstate in snapshot 20171129 (bsc#1070737)\n\n- Update pytest in spec to add c directory tests in addition to \n testing directory.\n\n- update to version 1.11.2:\n * Fix Windows issue with managing the thread-state on CPython 3.0 to\n 3.5\n\n- Update pytest in spec to add c directory tests in addition to \n testing directory.\n- Omit test_init_once_multithread tests as they rely on multiple\n threads finishing in a given time. Returns sporadic pass/fail\n within build.\n- Update to 1.11.1:\n * Fix tests, remove deprecated C API usage\n * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary\n extensions (cpython issue #29943)\n * Fix for 3.7.0a1+\n\n- Update to 1.11.0:\n * Support the modern standard types char16_t and char32_t. These\n work like wchar_t: they represent one unicode character, or when\n used as charN_t * or charN_t[] they represent a unicode string.\n The difference with wchar_t is that they have a known, fixed\n size. They should work at all places that used to work with\n wchar_t (please report an issue if I missed something). Note\n that with set_source(), you need to make sure that these types\n are actually defined by the C source you provide (if used in\n cdef()).\n * Support the C99 types float _Complex and double _Complex. Note\n that libffi doesn\u0027t support them, which means that in the ABI\n mode you still cannot call C functions that take complex\n numbers directly as arguments or return type.\n * Fixed a rare race condition when creating multiple FFI instances\n from multiple threads. (Note that you aren\u0027t meant to create\n many FFI instances: in inline mode, you should write\n ffi = cffi.FFI() at module level just after import cffi; and in\n out-of-line mode you don\u0027t instantiate FFI explicitly at all.)\n * Windows: using callbacks can be messy because the CFFI internal\n error messages show up to stderr-but stderr goes nowhere in many\n applications. This makes it particularly hard to get started\n with the embedding mode. (Once you get started, you can at least\n use @ffi.def_extern(onerror=...) and send the error logs where\n it makes sense for your application, or record them in log\n files, and so on.) So what is new in CFFI is that now, on\n Windows CFFI will try to open a non-modal MessageBox (in addition\n to sending raw messages to stderr). The MessageBox is only\n visible if the process stays alive: typically, console\n applications that crash close immediately, but that is also the\n situation where stderr should be visible anyway.\n * Progress on support for callbacks in NetBSD.\n * Functions returning booleans would in some case still return 0\n or 1 instead of False or True. Fixed.\n * ffi.gc() now takes an optional third parameter, which gives an\n estimate of the size (in bytes) of the object. So far, this is\n only used by PyPy, to make the next GC occur more quickly\n (issue #320). In the future, this might have an effect on\n CPython too (provided the CPython issue 31105 is addressed).\n * Add a note to the documentation: the ABI mode gives function\n objects that are slower to call than the API mode does. For\n some reason it is often thought to be faster. It is not!\n- Update to 1.10.1:\n * Fixed the line numbers reported in case of cdef() errors. Also,\n I just noticed, but pycparser always supported the preprocessor\n directive # 42 \u0027foo.h\u0027 to mean \u0027from the next line, we\u0027re in\n file foo.h starting from line 42\u0027;, which it puts in the error\n messages. \n\n- update to 1.10.0:\n * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()\n to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)\n where most of the time you never touch most of the array.\n * Some OS/X build fixes (\u0027only with Xcode but without CLT\u0027;).\n * Improve a couple of error messages: when getting mismatched versions of\n cffi and its backend; and when calling functions which cannot be called with\n libffi because an argument is a struct that is \u0027too complicated\u0027; (and not\n a struct pointer, which always works).\n * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)\n * Implemented the remaining cases for ffi.from_buffer. Now all\n buffer/memoryview objects can be passed. The one remaining check is against\n passing unicode strings in Python 2. (They support the buffer interface, but\n that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the\n times not what you expect. In Python 3 this has been fixed and the unicode\n strings don\u0027t support the memoryview interface any more.)\n * The C type _Bool or bool now converts to a Python boolean when reading,\n instead of the content of the byte as an integer. The potential\n incompatibility here is what occurs if the byte contains a value different\n from 0 and 1. Previously, it would just return it; with this change, CFFI\n raises an exception in this case. But this case means \u0027undefined behavior\u0027;\n in C; if you really have to interface with a library relying on this,\n don\u0027t use bool in the CFFI side. Also, it is still valid to use a byte\n string as initializer for a bool[], but now it must only contain \\x00 or\n \\x01. As an aside, ffi.string() no longer works on bool[] (but it never made\n much sense, as this function stops at the first zero).\n * ffi.buffer is now the name of cffi\u0027s buffer type, and ffi.buffer() works\n like before but is the constructor of that type.\n * ffi.addressof(lib, \u0027name\u0027) now works also in in-line mode, not only in\n out-of-line mode. This is useful for taking the address of global variables.\n * Issue #255: cdata objects of a primitive type (integers, floats, char) are\n now compared and ordered by value. For example, \u003ccdata \u0027int\u0027 42\u003e compares\n equal to 42 and \u003ccdata \u0027char\u0027 b\u0027A\u0027\u003e compares equal to b\u0027A\u0027. Unlike C,\n \u003ccdata \u0027int\u0027 -1\u003e does not compare equal to ffi.cast(\u0027unsigned int\u0027, -1): it\n compares smaller, because -1 \u003c 4294967295.\n * PyPy: ffi.new() and ffi.new_allocator()() did not record \u0027memory pressure\u0027;,\n causing the GC to run too infrequently if you call ffi.new() very often\n and/or with large arrays. Fixed in PyPy 5.7.\n * Support in ffi.cdef() for numeric expressions with + or -. Assumes that\n there is no overflow; it should be fixed first before we add more general\n support for arbitrary arithmetic on constants.\n\n- do not generate HTML documentation for packages that are indirect\n dependencies of Sphinx\n (see docs at https://cffi.readthedocs.org/ )\n\n- update to 1.9.1\n - Structs with variable-sized arrays as their last field: now we track the\n length of the array after ffi.new() is called, just like we always tracked\n the length of ffi.new(\u0027int[]\u0027, 42). This lets us detect out-of-range\n accesses to array items. This also lets us display a better repr(), and\n have the total size returned by ffi.sizeof() and ffi.buffer(). Previously\n both functions would return a result based on the size of the declared\n structure type, with an assumed empty array. (Thanks andrew for starting\n this refactoring.)\n - Add support in cdef()/set_source() for unspecified-length arrays in\n typedefs: typedef int foo_t[...];. It was already supported for global\n variables or structure fields.\n - I turned in v1.8 a warning from cffi/model.py into an error: \u0027enum xxx\u0027 has\n no values explicitly defined: refusing to guess which integer type it is\n meant to be (unsigned/signed, int/long). Now I\u0027m turning it back to a\n warning again; it seems that guessing that the enum has size int is a\n 99%-safe bet. (But not 100%, so it stays as a warning.)\n - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a\n remaining issue that is hard to fix: if you pass a Python file object to a\n FILE * argument, then os.dup() is used and the new file descriptor is only\n closed when the GC reclaims the Python file object-and not at the earlier\n time when you call close(), which only closes the original file descriptor.\n If this is an issue, you should avoid this automatic convertion of Python\n file objects: instead, explicitly manipulate file descriptors and call\n fdopen() from C (...via cffi).\n - When passing a void * argument to a function with a different pointer type,\n or vice-versa, the cast occurs automatically, like in C. The same occurs\n for initialization with ffi.new() and a few other places. However, I\n thought that char * had the same property-but I was mistaken. In C you get\n the usual warning if you try to give a char * to a char ** argument, for\n example. Sorry about the confusion. This has been fixed in CFFI by giving\n for now a warning, too. It will turn into an error in a future version.\n - Issue #283: fixed ffi.new() on structures/unions with nested anonymous\n structures/unions, when there is at least one union in the mix. When\n initialized with a list or a dict, it should now behave more closely like\n the { } syntax does in GCC.\n - CPython 3.x: experimental: the generated C extension modules now use the\n \u0027limited API\u0027;, which means that, as a compiled .so/.dll, it should work\n directly on any version of CPython \u003e= 3.2. The name produced by distutils\n is still version-specific. To get the version-independent name, you can\n rename it manually to NAME.abi3.so, or use the very recent setuptools 26.\n - Added ffi.compile(debug=...), similar to python setup.py build --debug but\n defaulting to True if we are running a debugging version of Python itself.\n - Removed the restriction that ffi.from_buffer() cannot be used on byte\n strings. Now you can get a char * out of a byte string, which is valid as\n long as the string object is kept alive. (But don\u0027t use it to modify the\n string object! If you need this, use bytearray or other official\n techniques.)\n - PyPy 5.4 can now pass a byte string directly to a char * argument (in older\n versions, a copy would be made). This used to be a CPython-only\n optimization.\n - ffi.gc(p, None) removes the destructor on an object previously created by\n another call to ffi.gc()\n - bool(ffi.cast(\u0027primitive type\u0027, x)) now returns False if the value is zero\n (including -0.0), and True otherwise. Previously this would only return\n False for cdata objects of a pointer type when the pointer is NULL.\n - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason\n it was not supported was that it was hard to do in PyPy, but it works since\n PyPy 5.3.) To call a C function with a char * argument from a buffer\n object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)).\n Additionally, this is now supported: p[0:length] = bytearray-object. The\n problem with this was that a iterating over bytearrays gives numbers\n instead of characters. (Now it is implemented with just a memcpy, of\n course, not actually iterating over the characters.)\n - C++: compiling the generated C code with C++ was supposed to work, but\n failed if you make use the bool type (because that is rendered as the C\n _Bool type, which doesn\u0027t exist in C++).\n - help(lib) and help(lib.myfunc) now give useful information, as well as\n dir(p) where p is a struct or pointer-to-struct.\n\n- update for multipython build\n\n- disable \u0027negative left shift\u0027 warning in test suite to prevent\n failures with gcc6, until upstream fixes the undefined code\n in question (bsc#981848)\n\n- Update to version 1.6.0:\n * ffi.list_types()\n * ffi.unpack()\n * extern \u0027Python+C\u0027;\n * in API mode, lib.foo.__doc__ contains the C signature now.\n * Yet another attempt at robustness of ffi.def_extern() against\n CPython\u0027s interpreter shutdown logic.\n- Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)\n\n- Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.\n\n- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in\n finalize_with_tag API\n\n- Add proper conditional for the python2, the ifpython works only\n for the requires/etc\n\n- add missing dependency on python ssl\n\n- update to version 2.1.4:\n * Added X509_up_ref for an upcoming pyOpenSSL release.\n\n- update to version 2.1.3:\n * Updated Windows, macOS, and manylinux1 wheels to be compiled with\n OpenSSL 1.1.0g.\n\n- update to version 2.1.2:\n * Corrected a bug with the manylinux1 wheels where OpenSSL\u0027s stack\n was marked executable.\n\n- fix BuildRequires conditions for python3\n\n- update to 2.1.1\n\n- Fix cffi version requirement.\n\n- Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478)\n\n\n- update to 2.0.3\n\n- update to 2.0.2\n\n- update to 2.0\n\n- update to 1.9\n\n- add python-packaging to requirements explicitly instead of relying\n on setuptools to pull it in\n\n- Switch to singlespec approach\n\n- update to 1.8.1\n- Adust Requires and BuildRequires",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-792,SUSE-2020-792,SUSE-OpenStack-Cloud-7-2020-792,SUSE-OpenStack-Cloud-8-2020-792,SUSE-OpenStack-Cloud-Crowbar-8-2020-792,SUSE-SLE-SAP-12-SP2-2020-792,SUSE-SLE-SAP-12-SP3-2020-792,SUSE-SLE-SERVER-12-SP2-2020-792,SUSE-SLE-SERVER-12-SP2-BCL-2020-792,SUSE-SLE-SERVER-12-SP3-2020-792,SUSE-SLE-SERVER-12-SP3-BCL-2020-792,SUSE-SLE-SERVER-12-SP4-2020-792,SUSE-SLE-SERVER-12-SP5-2020-792,SUSE-Storage-5-2020-792",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0792-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0792-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200792-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0792-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-March/006644.html"
},
{
"category": "self",
"summary": "SUSE Bug 1055478",
"url": "https://bugzilla.suse.com/1055478"
},
{
"category": "self",
"summary": "SUSE Bug 1070737",
"url": "https://bugzilla.suse.com/1070737"
},
{
"category": "self",
"summary": "SUSE Bug 1101820",
"url": "https://bugzilla.suse.com/1101820"
},
{
"category": "self",
"summary": "SUSE Bug 1111657",
"url": "https://bugzilla.suse.com/1111657"
},
{
"category": "self",
"summary": "SUSE Bug 1138748",
"url": "https://bugzilla.suse.com/1138748"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE Bug 981848",
"url": "https://bugzilla.suse.com/981848"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10903 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10903/"
}
],
"title": "Security update for python-cffi, python-cryptography",
"tracking": {
"current_release_date": "2020-03-25T14:14:32Z",
"generator": {
"date": "2020-03-25T14:14:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0792-1",
"initial_release_date": "2020-03-25T14:14:32Z",
"revision_history": [
{
"date": "2020-03-25T14:14:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-5.11.1.aarch64",
"product": {
"name": "python-cffi-1.11.2-5.11.1.aarch64",
"product_id": "python-cffi-1.11.2-5.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-7.28.2.aarch64",
"product": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64",
"product_id": "python-cryptography-2.1.4-7.28.2.aarch64"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-6.3.2.aarch64",
"product": {
"name": "python-xattr-0.7.5-6.3.2.aarch64",
"product_id": "python-xattr-0.7.5-6.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-5.11.1.aarch64",
"product": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64",
"product_id": "python3-cffi-1.11.2-5.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-7.28.2.aarch64",
"product": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64",
"product_id": "python3-cryptography-2.1.4-7.28.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-5.11.1.i586",
"product": {
"name": "python-cffi-1.11.2-5.11.1.i586",
"product_id": "python-cffi-1.11.2-5.11.1.i586"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-7.28.2.i586",
"product": {
"name": "python-cryptography-2.1.4-7.28.2.i586",
"product_id": "python-cryptography-2.1.4-7.28.2.i586"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-6.3.2.i586",
"product": {
"name": "python-xattr-0.7.5-6.3.2.i586",
"product_id": "python-xattr-0.7.5-6.3.2.i586"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-5.11.1.i586",
"product": {
"name": "python3-cffi-1.11.2-5.11.1.i586",
"product_id": "python3-cffi-1.11.2-5.11.1.i586"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-7.28.2.i586",
"product": {
"name": "python3-cryptography-2.1.4-7.28.2.i586",
"product_id": "python3-cryptography-2.1.4-7.28.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-5.11.1.ppc64le",
"product": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le",
"product_id": "python-cffi-1.11.2-5.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-7.28.2.ppc64le",
"product": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le",
"product_id": "python-cryptography-2.1.4-7.28.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-6.3.2.ppc64le",
"product": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le",
"product_id": "python-xattr-0.7.5-6.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-5.11.1.ppc64le",
"product": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le",
"product_id": "python3-cffi-1.11.2-5.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"product": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"product_id": "python3-cryptography-2.1.4-7.28.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-5.11.1.s390",
"product": {
"name": "python-cffi-1.11.2-5.11.1.s390",
"product_id": "python-cffi-1.11.2-5.11.1.s390"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-7.28.2.s390",
"product": {
"name": "python-cryptography-2.1.4-7.28.2.s390",
"product_id": "python-cryptography-2.1.4-7.28.2.s390"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-6.3.2.s390",
"product": {
"name": "python-xattr-0.7.5-6.3.2.s390",
"product_id": "python-xattr-0.7.5-6.3.2.s390"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-5.11.1.s390",
"product": {
"name": "python3-cffi-1.11.2-5.11.1.s390",
"product_id": "python3-cffi-1.11.2-5.11.1.s390"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-7.28.2.s390",
"product": {
"name": "python3-cryptography-2.1.4-7.28.2.s390",
"product_id": "python3-cryptography-2.1.4-7.28.2.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-5.11.1.s390x",
"product": {
"name": "python-cffi-1.11.2-5.11.1.s390x",
"product_id": "python-cffi-1.11.2-5.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-7.28.2.s390x",
"product": {
"name": "python-cryptography-2.1.4-7.28.2.s390x",
"product_id": "python-cryptography-2.1.4-7.28.2.s390x"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-6.3.2.s390x",
"product": {
"name": "python-xattr-0.7.5-6.3.2.s390x",
"product_id": "python-xattr-0.7.5-6.3.2.s390x"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-5.11.1.s390x",
"product": {
"name": "python3-cffi-1.11.2-5.11.1.s390x",
"product_id": "python3-cffi-1.11.2-5.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-7.28.2.s390x",
"product": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x",
"product_id": "python3-cryptography-2.1.4-7.28.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-5.11.1.x86_64",
"product": {
"name": "python-cffi-1.11.2-5.11.1.x86_64",
"product_id": "python-cffi-1.11.2-5.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-7.28.2.x86_64",
"product": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64",
"product_id": "python-cryptography-2.1.4-7.28.2.x86_64"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-6.3.2.x86_64",
"product": {
"name": "python-xattr-0.7.5-6.3.2.x86_64",
"product_id": "python-xattr-0.7.5-6.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-5.11.1.x86_64",
"product": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64",
"product_id": "python3-cffi-1.11.2-5.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-7.28.2.x86_64",
"product": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64",
"product_id": "python3-cryptography-2.1.4-7.28.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.aarch64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.aarch64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.aarch64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.aarch64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.aarch64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le"
},
"product_reference": "python-xattr-0.7.5-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.s390x"
},
"product_reference": "python-xattr-0.7.5-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.s390x"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.aarch64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-6.3.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.x86_64"
},
"product_reference": "python-xattr-0.7.5-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.aarch64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-5.11.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.x86_64"
},
"product_reference": "python3-cffi-1.11.2-5.11.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-7.28.2.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-7.28.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10903"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:python-cffi-1.11.2-5.11.1.x86_64",
"HPE Helion OpenStack 8:python-cryptography-2.1.4-7.28.2.x86_64",
"HPE Helion OpenStack 8:python-xattr-0.7.5-6.3.2.x86_64",
"HPE Helion OpenStack 8:python3-cffi-1.11.2-5.11.1.x86_64",
"HPE Helion OpenStack 8:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.s390x",
"SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.s390x",
"SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 8:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 8:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 8:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud 8:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 8:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python3-cryptography-2.1.4-7.28.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10903",
"url": "https://www.suse.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "SUSE Bug 1101820 for CVE-2018-10903",
"url": "https://bugzilla.suse.com/1101820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:python-cffi-1.11.2-5.11.1.x86_64",
"HPE Helion OpenStack 8:python-cryptography-2.1.4-7.28.2.x86_64",
"HPE Helion OpenStack 8:python-xattr-0.7.5-6.3.2.x86_64",
"HPE Helion OpenStack 8:python3-cffi-1.11.2-5.11.1.x86_64",
"HPE Helion OpenStack 8:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.s390x",
"SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.s390x",
"SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 8:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 8:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 8:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud 8:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 8:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python3-cryptography-2.1.4-7.28.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:python-cffi-1.11.2-5.11.1.x86_64",
"HPE Helion OpenStack 8:python-cryptography-2.1.4-7.28.2.x86_64",
"HPE Helion OpenStack 8:python-xattr-0.7.5-6.3.2.x86_64",
"HPE Helion OpenStack 8:python3-cffi-1.11.2-5.11.1.x86_64",
"HPE Helion OpenStack 8:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Enterprise Storage 5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Enterprise Storage 5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Enterprise Storage 5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Enterprise Storage 5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Enterprise Storage 5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.s390x",
"SUSE OpenStack Cloud 7:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.aarch64",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.s390x",
"SUSE OpenStack Cloud 7:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.s390x",
"SUSE OpenStack Cloud 7:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.s390x",
"SUSE OpenStack Cloud 7:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.s390x",
"SUSE OpenStack Cloud 7:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 8:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 8:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud 8:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud 8:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud 8:python3-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-cryptography-2.1.4-7.28.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python-xattr-0.7.5-6.3.2.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python3-cffi-1.11.2-5.11.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:python3-cryptography-2.1.4-7.28.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-25T14:14:32Z",
"details": "important"
}
],
"title": "CVE-2018-10903"
}
]
}
suse-su-2020:0790-1
Vulnerability from csaf_suse
Published
2020-03-25 12:24
Modified
2020-03-25 12:24
Summary
Security update for python-cffi, python-cryptography, python-xattr
Notes
Title of the patch
Security update for python-cffi, python-cryptography, python-xattr
Description of the patch
This update for python-cffi, python-cryptography and python-xattr fixes the following issues:
Security issue fixed:
- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820).
Non-security issues fixed:
python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598):
- fixed a build failure on i586 (bsc#1111657)
- Salt was unable to highstate in snapshot 20171129 (bsc#1070737)
- Update pytest in spec to add c directory tests in addition to
testing directory.
Update to 1.11.1:
* Fix tests, remove deprecated C API usage
* Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary
extensions (cpython issue #29943)
* Fix for 3.7.0a1+
Update to 1.11.0:
* Support the modern standard types char16_t and char32_t. These
work like wchar_t: they represent one unicode character, or when
used as charN_t * or charN_t[] they represent a unicode string.
The difference with wchar_t is that they have a known, fixed
size. They should work at all places that used to work with
wchar_t (please report an issue if I missed something). Note
that with set_source(), you need to make sure that these types
are actually defined by the C source you provide (if used in
cdef()).
* Support the C99 types float _Complex and double _Complex. Note
that libffi doesn't support them, which means that in the ABI
mode you still cannot call C functions that take complex
numbers directly as arguments or return type.
* Fixed a rare race condition when creating multiple FFI instances
from multiple threads. (Note that you aren't meant to create
many FFI instances: in inline mode, you should write
ffi = cffi.FFI() at module level just after import cffi; and in
out-of-line mode you don't instantiate FFI explicitly at all.)
* Windows: using callbacks can be messy because the CFFI internal
error messages show up to stderr-but stderr goes nowhere in many
applications. This makes it particularly hard to get started
with the embedding mode. (Once you get started, you can at least
use @ffi.def_extern(onerror=...) and send the error logs where
it makes sense for your application, or record them in log
files, and so on.) So what is new in CFFI is that now, on
Windows CFFI will try to open a non-modal MessageBox (in addition
to sending raw messages to stderr). The MessageBox is only
visible if the process stays alive: typically, console
applications that crash close immediately, but that is also the
situation where stderr should be visible anyway.
* Progress on support for callbacks in NetBSD.
* Functions returning booleans would in some case still return 0
or 1 instead of False or True. Fixed.
* ffi.gc() now takes an optional third parameter, which gives an
estimate of the size (in bytes) of the object. So far, this is
only used by PyPy, to make the next GC occur more quickly
(issue #320). In the future, this might have an effect on
CPython too (provided the CPython issue 31105 is addressed).
* Add a note to the documentation: the ABI mode gives function
objects that are slower to call than the API mode does. For
some reason it is often thought to be faster. It is not!
Update to 1.10.1:
* Fixed the line numbers reported in case of cdef() errors. Also,
I just noticed, but pycparser always supported the preprocessor
directive # 42 'foo.h' to mean 'from the next line, we're in
file foo.h starting from line 42';, which it puts in the error
messages.
Update to 1.10.0:
Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()
to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)
where most of the time you never touch most of the array.
* Some OS/X build fixes ('only with Xcode but without CLT';).
* Improve a couple of error messages: when getting mismatched versions of
cffi and its backend; and when calling functions which cannot be called with
libffi because an argument is a struct that is 'too complicated'; (and not
a struct pointer, which always works).
* Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)
* Implemented the remaining cases for ffi.from_buffer. Now all
buffer/memoryview objects can be passed. The one remaining check is against
passing unicode strings in Python 2. (They support the buffer interface, but
that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the
times not what you expect. In Python 3 this has been fixed and the unicode
strings don't support the memoryview interface any more.)
* The C type _Bool or bool now converts to a Python boolean when reading,
instead of the content of the byte as an integer. The potential
incompatibility here is what occurs if the byte contains a value different
from 0 and 1. Previously, it would just return it; with this change, CFFI
raises an exception in this case. But this case means 'undefined behavior';
in C; if you really have to interface with a library relying on this,
don't use bool in the CFFI side. Also, it is still valid to use a byte
string as initializer for a bool[], but now it must only contain \x00 or
\x01. As an aside, ffi.string() no longer works on bool[] (but it never made
much sense, as this function stops at the first zero).
* ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works
like before but is the constructor of that type.
* ffi.addressof(lib, 'name') now works also in in-line mode, not only in
out-of-line mode. This is useful for taking the address of global variables.
* Issue #255: cdata objects of a primitive type (integers, floats, char) are
now compared and ordered by value. For example, <cdata 'int' 42> compares
equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C,
<cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it
compares smaller, because -1 < 4294967295.
* PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';,
causing the GC to run too infrequently if you call ffi.new() very often
and/or with large arrays. Fixed in PyPy 5.7.
* Support in ffi.cdef() for numeric expressions with + or -. Assumes that
there is no overflow; it should be fixed first before we add more general
support for arbitrary arithmetic on constants.
Update to 1.9.1:
- Structs with variable-sized arrays as their last field: now we track the
length of the array after ffi.new() is called, just like we always tracked
the length of ffi.new('int[]', 42). This lets us detect out-of-range
accesses to array items. This also lets us display a better repr(), and
have the total size returned by ffi.sizeof() and ffi.buffer(). Previously
both functions would return a result based on the size of the declared
structure type, with an assumed empty array. (Thanks andrew for starting
this refactoring.)
- Add support in cdef()/set_source() for unspecified-length arrays in
typedefs: typedef int foo_t[...];. It was already supported for global
variables or structure fields.
- I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has
no values explicitly defined: refusing to guess which integer type it is
meant to be (unsigned/signed, int/long). Now I'm turning it back to a
warning again; it seems that guessing that the enum has size int is a
99%-safe bet. (But not 100%, so it stays as a warning.)
- Fix leaks in the code handling FILE * arguments. In CPython 3 there is a
remaining issue that is hard to fix: if you pass a Python file object to a
FILE * argument, then os.dup() is used and the new file descriptor is only
closed when the GC reclaims the Python file object-and not at the earlier
time when you call close(), which only closes the original file descriptor.
If this is an issue, you should avoid this automatic convertion of Python
file objects: instead, explicitly manipulate file descriptors and call
fdopen() from C (...via cffi).
- When passing a void * argument to a function with a different pointer type,
or vice-versa, the cast occurs automatically, like in C. The same occurs
for initialization with ffi.new() and a few other places. However, I
thought that char * had the same property-but I was mistaken. In C you get
the usual warning if you try to give a char * to a char ** argument, for
example. Sorry about the confusion. This has been fixed in CFFI by giving
for now a warning, too. It will turn into an error in a future version.
- Issue #283: fixed ffi.new() on structures/unions with nested anonymous
structures/unions, when there is at least one union in the mix. When
initialized with a list or a dict, it should now behave more closely like
the { } syntax does in GCC.
- CPython 3.x: experimental: the generated C extension modules now use the
'limited API';, which means that, as a compiled .so/.dll, it should work
directly on any version of CPython >= 3.2. The name produced by distutils
is still version-specific. To get the version-independent name, you can
rename it manually to NAME.abi3.so, or use the very recent setuptools 26.
- Added ffi.compile(debug=...), similar to python setup.py build --debug but
defaulting to True if we are running a debugging version of Python itself.
- Removed the restriction that ffi.from_buffer() cannot be used on byte
strings. Now you can get a char * out of a byte string, which is valid as
long as the string object is kept alive. (But don't use it to modify the
string object! If you need this, use bytearray or other official
techniques.)
- PyPy 5.4 can now pass a byte string directly to a char * argument (in older
versions, a copy would be made). This used to be a CPython-only
optimization.
- ffi.gc(p, None) removes the destructor on an object previously created by
another call to ffi.gc()
- bool(ffi.cast('primitive type', x)) now returns False if the value is zero
(including -0.0), and True otherwise. Previously this would only return
False for cdata objects of a pointer type when the pointer is NULL.
- bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason
it was not supported was that it was hard to do in PyPy, but it works since
PyPy 5.3.) To call a C function with a char * argument from a buffer
object-now including bytearrays—you write lib.foo(ffi.from_buffer(x)).
Additionally, this is now supported: p[0:length] = bytearray-object. The
problem with this was that a iterating over bytearrays gives numbers
instead of characters. (Now it is implemented with just a memcpy, of
course, not actually iterating over the characters.)
- C++: compiling the generated C code with C++ was supposed to work, but
failed if you make use the bool type (because that is rendered as the C
_Bool type, which doesn't exist in C++).
- help(lib) and help(lib.myfunc) now give useful information, as well as
dir(p) where p is a struct or pointer-to-struct.
- Fixed the 'negative left shift' warning by replacing bitshifting
in appropriate places by bitwise and comparison to self; patch
taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no
longer required.
- disable 'negative left shift' warning in test suite to prevent
failures with gcc6, until upstream fixes the undefined code
in question (bsc#981848)
Update to version 1.6.0:
* ffi.list_types()
* ffi.unpack()
* extern 'Python+C';
* in API mode, lib.foo.__doc__ contains the C signature now.
* Yet another attempt at robustness of ffi.def_extern() against
CPython's interpreter shutdown logic.
Update to 1.5.2:
* support for cffi-based embedding
* more robustness for shutdown logic
Updated python-cryptography to 2.1.4 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)
- Make this version of the package compatible with OpenSSL 1.1.1d (bsc#1149792)
- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in
finalize_with_tag API (bsc#1101820)
Update to version 2.1.4:
* Added X509_up_ref for an upcoming pyOpenSSL release.
* Corrected a bug with the manylinux1 wheels where OpenSSL's stack
was marked executable.
* support for OpenSSL 1.0.0 has been removed.
* Added support for Diffie-Hellman key exchange
* The OS random engine for OpenSSL has been rewritten
python-xattr was just rebuilt to adjust its cffi depedency.
Patchnames
SUSE-2020-790,SUSE-OpenStack-Cloud-6-LTSS-2020-790,SUSE-SLE-SAP-12-SP1-2020-790,SUSE-SLE-SERVER-12-SP1-2020-790
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-cffi, python-cryptography, python-xattr",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-cffi, python-cryptography and python-xattr fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820).\n\nNon-security issues fixed:\n\npython-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598):\n\n- fixed a build failure on i586 (bsc#1111657)\n- Salt was unable to highstate in snapshot 20171129 (bsc#1070737)\n\n- Update pytest in spec to add c directory tests in addition to \n testing directory.\n\nUpdate to 1.11.1:\n\n* Fix tests, remove deprecated C API usage\n* Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary\n extensions (cpython issue #29943)\n* Fix for 3.7.0a1+\n\nUpdate to 1.11.0:\n\n* Support the modern standard types char16_t and char32_t. These\n work like wchar_t: they represent one unicode character, or when\n used as charN_t * or charN_t[] they represent a unicode string.\n The difference with wchar_t is that they have a known, fixed\n size. They should work at all places that used to work with\n wchar_t (please report an issue if I missed something). Note\n that with set_source(), you need to make sure that these types\n are actually defined by the C source you provide (if used in\n cdef()).\n* Support the C99 types float _Complex and double _Complex. Note\n that libffi doesn\u0027t support them, which means that in the ABI\n mode you still cannot call C functions that take complex\n numbers directly as arguments or return type.\n* Fixed a rare race condition when creating multiple FFI instances\n from multiple threads. (Note that you aren\u0027t meant to create\n many FFI instances: in inline mode, you should write\n ffi = cffi.FFI() at module level just after import cffi; and in\n out-of-line mode you don\u0027t instantiate FFI explicitly at all.)\n* Windows: using callbacks can be messy because the CFFI internal\n error messages show up to stderr-but stderr goes nowhere in many\n applications. This makes it particularly hard to get started\n with the embedding mode. (Once you get started, you can at least\n use @ffi.def_extern(onerror=...) and send the error logs where\n it makes sense for your application, or record them in log\n files, and so on.) So what is new in CFFI is that now, on\n Windows CFFI will try to open a non-modal MessageBox (in addition\n to sending raw messages to stderr). The MessageBox is only\n visible if the process stays alive: typically, console\n applications that crash close immediately, but that is also the\n situation where stderr should be visible anyway.\n* Progress on support for callbacks in NetBSD.\n* Functions returning booleans would in some case still return 0\n or 1 instead of False or True. Fixed.\n* ffi.gc() now takes an optional third parameter, which gives an\n estimate of the size (in bytes) of the object. So far, this is\n only used by PyPy, to make the next GC occur more quickly\n (issue #320). In the future, this might have an effect on\n CPython too (provided the CPython issue 31105 is addressed).\n* Add a note to the documentation: the ABI mode gives function\n objects that are slower to call than the API mode does. For\n some reason it is often thought to be faster. It is not!\n\nUpdate to 1.10.1:\n\n* Fixed the line numbers reported in case of cdef() errors. Also,\n I just noticed, but pycparser always supported the preprocessor\n directive # 42 \u0027foo.h\u0027 to mean \u0027from the next line, we\u0027re in\n file foo.h starting from line 42\u0027;, which it puts in the error\n messages. \n\nUpdate to 1.10.0:\n\n Issue #295: use calloc() directly instead of PyObject_Malloc()+memset()\n to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array)\n where most of the time you never touch most of the array.\n* Some OS/X build fixes (\u0027only with Xcode but without CLT\u0027;).\n* Improve a couple of error messages: when getting mismatched versions of\n cffi and its backend; and when calling functions which cannot be called with\n libffi because an argument is a struct that is \u0027too complicated\u0027; (and not\n a struct pointer, which always works).\n* Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang)\n* Implemented the remaining cases for ffi.from_buffer. Now all\n buffer/memoryview objects can be passed. The one remaining check is against\n passing unicode strings in Python 2. (They support the buffer interface, but\n that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the\n times not what you expect. In Python 3 this has been fixed and the unicode\n strings don\u0027t support the memoryview interface any more.)\n* The C type _Bool or bool now converts to a Python boolean when reading,\n instead of the content of the byte as an integer. The potential\n incompatibility here is what occurs if the byte contains a value different\n from 0 and 1. Previously, it would just return it; with this change, CFFI\n raises an exception in this case. But this case means \u0027undefined behavior\u0027;\n in C; if you really have to interface with a library relying on this,\n don\u0027t use bool in the CFFI side. Also, it is still valid to use a byte\n string as initializer for a bool[], but now it must only contain \\x00 or\n \\x01. As an aside, ffi.string() no longer works on bool[] (but it never made\n much sense, as this function stops at the first zero).\n* ffi.buffer is now the name of cffi\u0027s buffer type, and ffi.buffer() works\n like before but is the constructor of that type.\n* ffi.addressof(lib, \u0027name\u0027) now works also in in-line mode, not only in\n out-of-line mode. This is useful for taking the address of global variables.\n* Issue #255: cdata objects of a primitive type (integers, floats, char) are\n now compared and ordered by value. For example, \u003ccdata \u0027int\u0027 42\u003e compares\n equal to 42 and \u003ccdata \u0027char\u0027 b\u0027A\u0027\u003e compares equal to b\u0027A\u0027. Unlike C,\n \u003ccdata \u0027int\u0027 -1\u003e does not compare equal to ffi.cast(\u0027unsigned int\u0027, -1): it\n compares smaller, because -1 \u003c 4294967295.\n* PyPy: ffi.new() and ffi.new_allocator()() did not record \u0027memory pressure\u0027;,\n causing the GC to run too infrequently if you call ffi.new() very often\n and/or with large arrays. Fixed in PyPy 5.7.\n* Support in ffi.cdef() for numeric expressions with + or -. Assumes that\n there is no overflow; it should be fixed first before we add more general\n support for arbitrary arithmetic on constants.\n\nUpdate to 1.9.1:\n\n- Structs with variable-sized arrays as their last field: now we track the\n length of the array after ffi.new() is called, just like we always tracked\n the length of ffi.new(\u0027int[]\u0027, 42). This lets us detect out-of-range\n accesses to array items. This also lets us display a better repr(), and\n have the total size returned by ffi.sizeof() and ffi.buffer(). Previously\n both functions would return a result based on the size of the declared\n structure type, with an assumed empty array. (Thanks andrew for starting\n this refactoring.)\n- Add support in cdef()/set_source() for unspecified-length arrays in\n typedefs: typedef int foo_t[...];. It was already supported for global\n variables or structure fields.\n- I turned in v1.8 a warning from cffi/model.py into an error: \u0027enum xxx\u0027 has\n no values explicitly defined: refusing to guess which integer type it is\n meant to be (unsigned/signed, int/long). Now I\u0027m turning it back to a\n warning again; it seems that guessing that the enum has size int is a\n 99%-safe bet. (But not 100%, so it stays as a warning.)\n- Fix leaks in the code handling FILE * arguments. In CPython 3 there is a\n remaining issue that is hard to fix: if you pass a Python file object to a\n FILE * argument, then os.dup() is used and the new file descriptor is only\n closed when the GC reclaims the Python file object-and not at the earlier\n time when you call close(), which only closes the original file descriptor.\n If this is an issue, you should avoid this automatic convertion of Python\n file objects: instead, explicitly manipulate file descriptors and call\n fdopen() from C (...via cffi).\n- When passing a void * argument to a function with a different pointer type,\n or vice-versa, the cast occurs automatically, like in C. The same occurs\n for initialization with ffi.new() and a few other places. However, I\n thought that char * had the same property-but I was mistaken. In C you get\n the usual warning if you try to give a char * to a char ** argument, for\n example. Sorry about the confusion. This has been fixed in CFFI by giving\n for now a warning, too. It will turn into an error in a future version.\n- Issue #283: fixed ffi.new() on structures/unions with nested anonymous\n structures/unions, when there is at least one union in the mix. When\n initialized with a list or a dict, it should now behave more closely like\n the { } syntax does in GCC.\n- CPython 3.x: experimental: the generated C extension modules now use the\n \u0027limited API\u0027;, which means that, as a compiled .so/.dll, it should work\n directly on any version of CPython \u003e= 3.2. The name produced by distutils\n is still version-specific. To get the version-independent name, you can\n rename it manually to NAME.abi3.so, or use the very recent setuptools 26.\n- Added ffi.compile(debug=...), similar to python setup.py build --debug but\n defaulting to True if we are running a debugging version of Python itself.\n- Removed the restriction that ffi.from_buffer() cannot be used on byte\n strings. Now you can get a char * out of a byte string, which is valid as\n long as the string object is kept alive. (But don\u0027t use it to modify the\n string object! If you need this, use bytearray or other official\n techniques.)\n- PyPy 5.4 can now pass a byte string directly to a char * argument (in older\n versions, a copy would be made). This used to be a CPython-only\n optimization.\n- ffi.gc(p, None) removes the destructor on an object previously created by\n another call to ffi.gc()\n- bool(ffi.cast(\u0027primitive type\u0027, x)) now returns False if the value is zero\n (including -0.0), and True otherwise. Previously this would only return\n False for cdata objects of a pointer type when the pointer is NULL.\n- bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason\n it was not supported was that it was hard to do in PyPy, but it works since\n PyPy 5.3.) To call a C function with a char * argument from a buffer\n object-now including bytearrays\u2014you write lib.foo(ffi.from_buffer(x)).\n Additionally, this is now supported: p[0:length] = bytearray-object. The\n problem with this was that a iterating over bytearrays gives numbers\n instead of characters. (Now it is implemented with just a memcpy, of\n course, not actually iterating over the characters.)\n- C++: compiling the generated C code with C++ was supposed to work, but\n failed if you make use the bool type (because that is rendered as the C\n _Bool type, which doesn\u0027t exist in C++).\n- help(lib) and help(lib.myfunc) now give useful information, as well as\n dir(p) where p is a struct or pointer-to-struct.\n\n- Fixed the \u0027negative left shift\u0027 warning by replacing bitshifting\n in appropriate places by bitwise and comparison to self; patch\n taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no\n longer required.\n\n- disable \u0027negative left shift\u0027 warning in test suite to prevent\n failures with gcc6, until upstream fixes the undefined code\n in question (bsc#981848)\n\nUpdate to version 1.6.0:\n\n* ffi.list_types()\n* ffi.unpack()\n* extern \u0027Python+C\u0027;\n* in API mode, lib.foo.__doc__ contains the C signature now.\n* Yet another attempt at robustness of ffi.def_extern() against\n CPython\u0027s interpreter shutdown logic.\n\nUpdate to 1.5.2:\n\n* support for cffi-based embedding\n* more robustness for shutdown logic\n\n\nUpdated python-cryptography to 2.1.4 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598)\n\n- Make this version of the package compatible with OpenSSL 1.1.1d (bsc#1149792)\n\n- CVE-2018-10903: Fixed GCM tag forgery via truncated tag in\n finalize_with_tag API (bsc#1101820)\n\nUpdate to version 2.1.4:\n\n* Added X509_up_ref for an upcoming pyOpenSSL release.\n* Corrected a bug with the manylinux1 wheels where OpenSSL\u0027s stack\n was marked executable.\n* support for OpenSSL 1.0.0 has been removed.\n* Added support for Diffie-Hellman key exchange\n* The OS random engine for OpenSSL has been rewritten\n\npython-xattr was just rebuilt to adjust its cffi depedency.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-790,SUSE-OpenStack-Cloud-6-LTSS-2020-790,SUSE-SLE-SAP-12-SP1-2020-790,SUSE-SLE-SERVER-12-SP1-2020-790",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0790-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0790-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200790-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0790-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-March/006643.html"
},
{
"category": "self",
"summary": "SUSE Bug 1055478",
"url": "https://bugzilla.suse.com/1055478"
},
{
"category": "self",
"summary": "SUSE Bug 1070737",
"url": "https://bugzilla.suse.com/1070737"
},
{
"category": "self",
"summary": "SUSE Bug 1101820",
"url": "https://bugzilla.suse.com/1101820"
},
{
"category": "self",
"summary": "SUSE Bug 1111657",
"url": "https://bugzilla.suse.com/1111657"
},
{
"category": "self",
"summary": "SUSE Bug 1138748",
"url": "https://bugzilla.suse.com/1138748"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE Bug 981848",
"url": "https://bugzilla.suse.com/981848"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10903 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10903/"
}
],
"title": "Security update for python-cffi, python-cryptography, python-xattr",
"tracking": {
"current_release_date": "2020-03-25T12:24:49Z",
"generator": {
"date": "2020-03-25T12:24:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0790-1",
"initial_release_date": "2020-03-25T12:24:49Z",
"revision_history": [
{
"date": "2020-03-25T12:24:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-2.19.2.aarch64",
"product": {
"name": "python-cffi-1.11.2-2.19.2.aarch64",
"product_id": "python-cffi-1.11.2-2.19.2.aarch64"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-3.15.5.aarch64",
"product": {
"name": "python-cryptography-2.1.4-3.15.5.aarch64",
"product_id": "python-cryptography-2.1.4-3.15.5.aarch64"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-3.2.1.aarch64",
"product": {
"name": "python-xattr-0.7.5-3.2.1.aarch64",
"product_id": "python-xattr-0.7.5-3.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-2.19.2.aarch64",
"product": {
"name": "python3-cffi-1.11.2-2.19.2.aarch64",
"product_id": "python3-cffi-1.11.2-2.19.2.aarch64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-3.15.5.aarch64",
"product": {
"name": "python3-cryptography-2.1.4-3.15.5.aarch64",
"product_id": "python3-cryptography-2.1.4-3.15.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-2.19.2.i586",
"product": {
"name": "python-cffi-1.11.2-2.19.2.i586",
"product_id": "python-cffi-1.11.2-2.19.2.i586"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-3.15.5.i586",
"product": {
"name": "python-cryptography-2.1.4-3.15.5.i586",
"product_id": "python-cryptography-2.1.4-3.15.5.i586"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-3.2.1.i586",
"product": {
"name": "python-xattr-0.7.5-3.2.1.i586",
"product_id": "python-xattr-0.7.5-3.2.1.i586"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-2.19.2.i586",
"product": {
"name": "python3-cffi-1.11.2-2.19.2.i586",
"product_id": "python3-cffi-1.11.2-2.19.2.i586"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-3.15.5.i586",
"product": {
"name": "python3-cryptography-2.1.4-3.15.5.i586",
"product_id": "python3-cryptography-2.1.4-3.15.5.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-2.19.2.ppc64le",
"product": {
"name": "python-cffi-1.11.2-2.19.2.ppc64le",
"product_id": "python-cffi-1.11.2-2.19.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-3.15.5.ppc64le",
"product": {
"name": "python-cryptography-2.1.4-3.15.5.ppc64le",
"product_id": "python-cryptography-2.1.4-3.15.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-3.2.1.ppc64le",
"product": {
"name": "python-xattr-0.7.5-3.2.1.ppc64le",
"product_id": "python-xattr-0.7.5-3.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-2.19.2.ppc64le",
"product": {
"name": "python3-cffi-1.11.2-2.19.2.ppc64le",
"product_id": "python3-cffi-1.11.2-2.19.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-3.15.5.ppc64le",
"product": {
"name": "python3-cryptography-2.1.4-3.15.5.ppc64le",
"product_id": "python3-cryptography-2.1.4-3.15.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-2.19.2.s390",
"product": {
"name": "python-cffi-1.11.2-2.19.2.s390",
"product_id": "python-cffi-1.11.2-2.19.2.s390"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-3.15.5.s390",
"product": {
"name": "python-cryptography-2.1.4-3.15.5.s390",
"product_id": "python-cryptography-2.1.4-3.15.5.s390"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-3.2.1.s390",
"product": {
"name": "python-xattr-0.7.5-3.2.1.s390",
"product_id": "python-xattr-0.7.5-3.2.1.s390"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-2.19.2.s390",
"product": {
"name": "python3-cffi-1.11.2-2.19.2.s390",
"product_id": "python3-cffi-1.11.2-2.19.2.s390"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-3.15.5.s390",
"product": {
"name": "python3-cryptography-2.1.4-3.15.5.s390",
"product_id": "python3-cryptography-2.1.4-3.15.5.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-2.19.2.s390x",
"product": {
"name": "python-cffi-1.11.2-2.19.2.s390x",
"product_id": "python-cffi-1.11.2-2.19.2.s390x"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-3.15.5.s390x",
"product": {
"name": "python-cryptography-2.1.4-3.15.5.s390x",
"product_id": "python-cryptography-2.1.4-3.15.5.s390x"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-3.2.1.s390x",
"product": {
"name": "python-xattr-0.7.5-3.2.1.s390x",
"product_id": "python-xattr-0.7.5-3.2.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-2.19.2.s390x",
"product": {
"name": "python3-cffi-1.11.2-2.19.2.s390x",
"product_id": "python3-cffi-1.11.2-2.19.2.s390x"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-3.15.5.s390x",
"product": {
"name": "python3-cryptography-2.1.4-3.15.5.s390x",
"product_id": "python3-cryptography-2.1.4-3.15.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cffi-1.11.2-2.19.2.x86_64",
"product": {
"name": "python-cffi-1.11.2-2.19.2.x86_64",
"product_id": "python-cffi-1.11.2-2.19.2.x86_64"
}
},
{
"category": "product_version",
"name": "python-cryptography-2.1.4-3.15.5.x86_64",
"product": {
"name": "python-cryptography-2.1.4-3.15.5.x86_64",
"product_id": "python-cryptography-2.1.4-3.15.5.x86_64"
}
},
{
"category": "product_version",
"name": "python-xattr-0.7.5-3.2.1.x86_64",
"product": {
"name": "python-xattr-0.7.5-3.2.1.x86_64",
"product_id": "python-xattr-0.7.5-3.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cffi-1.11.2-2.19.2.x86_64",
"product": {
"name": "python3-cffi-1.11.2-2.19.2.x86_64",
"product_id": "python3-cffi-1.11.2-2.19.2.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-3.15.5.x86_64",
"product": {
"name": "python3-cryptography-2.1.4-3.15.5.x86_64",
"product_id": "python3-cryptography-2.1.4-3.15.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6-LTSS",
"product": {
"name": "SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-ltss:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-3.15.5.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS:python-cryptography-2.1.4-3.15.5.x86_64"
},
"product_reference": "python-cryptography-2.1.4-3.15.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-2.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cffi-1.11.2-2.19.2.x86_64"
},
"product_reference": "python-cffi-1.11.2-2.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-3.15.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cryptography-2.1.4-3.15.5.x86_64"
},
"product_reference": "python-cryptography-2.1.4-3.15.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-3.2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xattr-0.7.5-3.2.1.x86_64"
},
"product_reference": "python-xattr-0.7.5-3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-2.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cffi-1.11.2-2.19.2.x86_64"
},
"product_reference": "python3-cffi-1.11.2-2.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-3.15.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cryptography-2.1.4-3.15.5.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-3.15.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-2.19.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.ppc64le"
},
"product_reference": "python-cffi-1.11.2-2.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-2.19.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.s390x"
},
"product_reference": "python-cffi-1.11.2-2.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cffi-1.11.2-2.19.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.x86_64"
},
"product_reference": "python-cffi-1.11.2-2.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-3.15.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.ppc64le"
},
"product_reference": "python-cryptography-2.1.4-3.15.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-3.15.5.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.s390x"
},
"product_reference": "python-cryptography-2.1.4-3.15.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-2.1.4-3.15.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.x86_64"
},
"product_reference": "python-cryptography-2.1.4-3.15.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-3.2.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.ppc64le"
},
"product_reference": "python-xattr-0.7.5-3.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-3.2.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.s390x"
},
"product_reference": "python-xattr-0.7.5-3.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xattr-0.7.5-3.2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.x86_64"
},
"product_reference": "python-xattr-0.7.5-3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-2.19.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.ppc64le"
},
"product_reference": "python3-cffi-1.11.2-2.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-2.19.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.s390x"
},
"product_reference": "python3-cffi-1.11.2-2.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cffi-1.11.2-2.19.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.x86_64"
},
"product_reference": "python3-cffi-1.11.2-2.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-3.15.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-3.15.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-3.15.5.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.s390x"
},
"product_reference": "python3-cryptography-2.1.4-3.15.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-3.15.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-3.15.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10903"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xattr-0.7.5-3.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cryptography-2.1.4-3.15.5.x86_64",
"SUSE OpenStack Cloud 6-LTSS:python-cryptography-2.1.4-3.15.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10903",
"url": "https://www.suse.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "SUSE Bug 1101820 for CVE-2018-10903",
"url": "https://bugzilla.suse.com/1101820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xattr-0.7.5-3.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cryptography-2.1.4-3.15.5.x86_64",
"SUSE OpenStack Cloud 6-LTSS:python-cryptography-2.1.4-3.15.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python-xattr-0.7.5-3.2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:python3-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-cryptography-2.1.4-3.15.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-xattr-0.7.5-3.2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cffi-1.11.2-2.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python3-cryptography-2.1.4-3.15.5.x86_64",
"SUSE OpenStack Cloud 6-LTSS:python-cryptography-2.1.4-3.15.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-25T12:24:49Z",
"details": "important"
}
],
"title": "CVE-2018-10903"
}
]
}
suse-su-2018:3392-1
Vulnerability from csaf_suse
Published
2018-10-24 11:05
Modified
2018-10-24 11:05
Summary
Security update for python-cryptography
Notes
Title of the patch
Security update for python-cryptography
Description of the patch
This update for python-cryptography fixes the following issues:
- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag
length. If a user did not validate the input length prior to passing it to
finalize_with_tag an attacker could craft an invalid payload with a shortened
tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the
MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820).
Patchnames
SUSE-SLE-Module-Basesystem-15-2018-2430
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-cryptography",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-cryptography fixes the following issues:\n\n- CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag\n length. If a user did not validate the input length prior to passing it to\n finalize_with_tag an attacker could craft an invalid payload with a shortened\n tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the\n MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-2430",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3392-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3392-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183392-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3392-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004785.html"
},
{
"category": "self",
"summary": "SUSE Bug 1101820",
"url": "https://bugzilla.suse.com/1101820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10903 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10903/"
}
],
"title": "Security update for python-cryptography",
"tracking": {
"current_release_date": "2018-10-24T11:05:21Z",
"generator": {
"date": "2018-10-24T11:05:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3392-1",
"initial_release_date": "2018-10-24T11:05:21Z",
"revision_history": [
{
"date": "2018-10-24T11:05:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.1.4-4.3.1.aarch64",
"product": {
"name": "python2-cryptography-2.1.4-4.3.1.aarch64",
"product_id": "python2-cryptography-2.1.4-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-4.3.1.aarch64",
"product": {
"name": "python3-cryptography-2.1.4-4.3.1.aarch64",
"product_id": "python3-cryptography-2.1.4-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.1.4-4.3.1.ppc64le",
"product": {
"name": "python2-cryptography-2.1.4-4.3.1.ppc64le",
"product_id": "python2-cryptography-2.1.4-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-4.3.1.ppc64le",
"product": {
"name": "python3-cryptography-2.1.4-4.3.1.ppc64le",
"product_id": "python3-cryptography-2.1.4-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.1.4-4.3.1.s390x",
"product": {
"name": "python2-cryptography-2.1.4-4.3.1.s390x",
"product_id": "python2-cryptography-2.1.4-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-4.3.1.s390x",
"product": {
"name": "python3-cryptography-2.1.4-4.3.1.s390x",
"product_id": "python3-cryptography-2.1.4-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-2.1.4-4.3.1.x86_64",
"product": {
"name": "python2-cryptography-2.1.4-4.3.1.x86_64",
"product_id": "python2-cryptography-2.1.4-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-cryptography-2.1.4-4.3.1.x86_64",
"product": {
"name": "python3-cryptography-2.1.4-4.3.1.x86_64",
"product_id": "python3-cryptography-2.1.4-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.1.4-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.aarch64"
},
"product_reference": "python2-cryptography-2.1.4-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.1.4-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.ppc64le"
},
"product_reference": "python2-cryptography-2.1.4-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.1.4-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.s390x"
},
"product_reference": "python2-cryptography-2.1.4-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-2.1.4-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.x86_64"
},
"product_reference": "python2-cryptography-2.1.4-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-4.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.aarch64"
},
"product_reference": "python3-cryptography-2.1.4-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-4.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.ppc64le"
},
"product_reference": "python3-cryptography-2.1.4-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-4.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.s390x"
},
"product_reference": "python3-cryptography-2.1.4-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-cryptography-2.1.4-4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.x86_64"
},
"product_reference": "python3-cryptography-2.1.4-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10903"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10903",
"url": "https://www.suse.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "SUSE Bug 1101820 for CVE-2018-10903",
"url": "https://bugzilla.suse.com/1101820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python2-cryptography-2.1.4-4.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:python3-cryptography-2.1.4-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-24T11:05:21Z",
"details": "important"
}
],
"title": "CVE-2018-10903"
}
]
}
gsd-2018-10903
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10903",
"description": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"id": "GSD-2018-10903",
"references": [
"https://www.suse.com/security/cve/CVE-2018-10903.html",
"https://access.redhat.com/errata/RHSA-2018:3600",
"https://ubuntu.com/security/CVE-2018-10903",
"https://advisories.mageia.org/CVE-2018-10903.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10903"
],
"details": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"id": "GSD-2018-10903",
"modified": "2023-12-13T01:22:41.069161Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-cryptography",
"version": {
"version_data": [
{
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3600",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"name": "USN-3720-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"name": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef",
"refsource": "CONFIRM",
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=1.9.0,\u003c2.3",
"affected_versions": "All versions starting from 1.9.0 before 2.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-10-03",
"description": "The `finalize_with_tag` API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to `finalize_with_tag`, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"fixed_versions": [
"2.3"
],
"identifier": "CVE-2018-10903",
"identifiers": [
"CVE-2018-10903"
],
"not_impacted": "All versions before 1.9.0, all versions starting from 2.3",
"package_slug": "pypi/cryptography",
"pubdate": "2018-07-30",
"solution": "Upgrade to version 2.3 or above.",
"title": "GCM tag forgery via truncated tag in finalize_with_tag API",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-10903",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903",
"http://cwe.mitre.org/data/definitions/20.html",
"https://access.redhat.com/errata/RHSA-2018:3600",
"https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef",
"https://usn.ubuntu.com/3720-1/"
],
"uuid": "004b3de5-5aa8-4977-b6c5-3b9b31b28dcd"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cryptography:python-cryptography:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10903"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"name": "USN-3720-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"name": "RHSA-2018:3600",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-08-04T17:14Z",
"publishedDate": "2018-07-30T16:29Z"
}
}
}
RHSA-2018:3600
Vulnerability from csaf_redhat
Published
2018-11-13 22:13
Modified
2025-11-21 18:06
Summary
Red Hat Security Advisory: python-cryptography security update
Notes
Topic
An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
Security Fix(es):
* python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API (CVE-2018-10903)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 (Queens).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-cryptography packages contain a Python Cryptographic Authority\u0027s (PyCA\u0027s) cryptography library, which provides cryptographic primitives and recipes to Python developers.\n\nSecurity Fix(es):\n\n* python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API (CVE-2018-10903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3600",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1602931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602931"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3600.json"
}
],
"title": "Red Hat Security Advisory: python-cryptography security update",
"tracking": {
"current_release_date": "2025-11-21T18:06:57+00:00",
"generator": {
"date": "2025-11-21T18:06:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:3600",
"initial_release_date": "2018-11-13T22:13:59+00:00",
"revision_history": [
{
"date": "2018-11-13T22:13:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-13T22:13:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:06:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product_id": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-cryptography@2.1.4-3.el7ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product_id": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debuginfo@2.1.4-3.el7ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product_id": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-cryptography@2.1.4-3.el7ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product_id": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debuginfo@2.1.4-3.el7ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-0:2.1.4-3.el7ost.src",
"product": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src",
"product_id": "python-cryptography-0:2.1.4-3.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@2.1.4-3.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src"
},
"product_reference": "python-cryptography-0:2.1.4-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src"
},
"product_reference": "python-cryptography-0:2.1.4-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1602931"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "RHBZ#1602931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10903",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T22:13:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API"
}
]
}
rhsa-2018:3600
Vulnerability from csaf_redhat
Published
2018-11-13 22:13
Modified
2025-11-21 18:06
Summary
Red Hat Security Advisory: python-cryptography security update
Notes
Topic
An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
Security Fix(es):
* python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API (CVE-2018-10903)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 (Queens).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-cryptography packages contain a Python Cryptographic Authority\u0027s (PyCA\u0027s) cryptography library, which provides cryptographic primitives and recipes to Python developers.\n\nSecurity Fix(es):\n\n* python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API (CVE-2018-10903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3600",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1602931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602931"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3600.json"
}
],
"title": "Red Hat Security Advisory: python-cryptography security update",
"tracking": {
"current_release_date": "2025-11-21T18:06:57+00:00",
"generator": {
"date": "2025-11-21T18:06:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2018:3600",
"initial_release_date": "2018-11-13T22:13:59+00:00",
"revision_history": [
{
"date": "2018-11-13T22:13:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-13T22:13:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:06:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product_id": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-cryptography@2.1.4-3.el7ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product_id": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debuginfo@2.1.4-3.el7ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product_id": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-cryptography@2.1.4-3.el7ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product_id": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debuginfo@2.1.4-3.el7ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-0:2.1.4-3.el7ost.src",
"product": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src",
"product_id": "python-cryptography-0:2.1.4-3.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@2.1.4-3.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src"
},
"product_reference": "python-cryptography-0:2.1.4-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src"
},
"product_reference": "python-cryptography-0:2.1.4-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1602931"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "RHBZ#1602931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10903",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T22:13:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API"
}
]
}
rhsa-2018_3600
Vulnerability from csaf_redhat
Published
2018-11-13 22:13
Modified
2024-11-14 23:46
Summary
Red Hat Security Advisory: python-cryptography security update
Notes
Topic
An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.
Security Fix(es):
* python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API (CVE-2018-10903)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-cryptography is now available for Red Hat OpenStack Platform 13.0 (Queens).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-cryptography packages contain a Python Cryptographic Authority\u0027s (PyCA\u0027s) cryptography library, which provides cryptographic primitives and recipes to Python developers.\n\nSecurity Fix(es):\n\n* python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API (CVE-2018-10903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3600",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1602931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602931"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3600.json"
}
],
"title": "Red Hat Security Advisory: python-cryptography security update",
"tracking": {
"current_release_date": "2024-11-14T23:46:31+00:00",
"generator": {
"date": "2024-11-14T23:46:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:3600",
"initial_release_date": "2018-11-13T22:13:59+00:00",
"revision_history": [
{
"date": "2018-11-13T22:13:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-13T22:13:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T23:46:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 13.0",
"product": {
"name": "Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:13::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product_id": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-cryptography@2.1.4-3.el7ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product_id": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debuginfo@2.1.4-3.el7ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product_id": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-cryptography@2.1.4-3.el7ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product_id": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography-debuginfo@2.1.4-3.el7ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-cryptography-0:2.1.4-3.el7ost.src",
"product": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src",
"product_id": "python-cryptography-0:2.1.4-3.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-cryptography@2.1.4-3.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src"
},
"product_reference": "python-cryptography-0:2.1.4-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-0:2.1.4-3.el7ost.src as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src"
},
"product_reference": "python-cryptography-0:2.1.4-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-cryptography-0:2.1.4-3.el7ost.x86_64 as a component of Red Hat OpenStack Platform 13.0",
"product_id": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
},
"product_reference": "python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-07-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1602931"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10903"
},
{
"category": "external",
"summary": "RHBZ#1602931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10903",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10903"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-13T22:13:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RH7-RHOS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-0:2.1.4-3.el7ost.src",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python-cryptography-debuginfo-0:2.1.4-3.el7ost.x86_64",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.ppc64le",
"7Server-RH7-RHOS-DEPLOYMENT-TOOLS-13.0:python2-cryptography-0:2.1.4-3.el7ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API"
}
]
}
pysec-2018-52
Vulnerability from pysec
Published
2018-07-30 16:29
Modified
2021-07-15 02:22
Details
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
Impacted products
| Name | purl | cryptography | pkg:pypi/cryptography |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cryptography",
"purl": "pkg:pypi/cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "1.9"
},
{
"fixed": "2.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9",
"2.0",
"2.0.1",
"2.0.2",
"2.0.3",
"2.1",
"2.1.1",
"2.1.2",
"2.1.3",
"2.1.4",
"2.2",
"2.2.1",
"2.2.2"
]
}
],
"aliases": [
"CVE-2018-10903",
"GHSA-fcf9-3qw3-gxmj"
],
"details": "A flaw was found in python-cryptography versions between \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.",
"id": "PYSEC-2018-52",
"modified": "2021-07-15T02:22:07.445715Z",
"published": "2018-07-30T16:29:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3720-1/"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2018:3600"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-fcf9-3qw3-gxmj"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…