{"id":"MGASA-2018-0429","summary":"Updated python-cryptography packages fix security vulnerability","details":"The python-cryptography and python-cryptography-vectors packages have\nbeen updated to version 2.3.1 to fix the following security issue:\n\nThe finalize_with_tag API did not enforce a minimum tag length. If a\nuser did not validate the input length prior to passing it to\nfinalize_with_tag, an attacker could craft an invalid payload with a\nshortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance\nof passing the MAC check. GCM tag forgeries can cause key leakage\n(CVE-2018-10903).\n","modified":"2026-04-16T06:22:41.221524340Z","published":"2018-11-03T11:55:18Z","upstream":["CVE-2018-10903"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0429.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23339"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VKC5JVSO26YBOAYNY4HDSDFREMO4DS67/"}],"affected":[{"package":{"name":"python-cryptography","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python-cryptography?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0429.json"}},{"package":{"name":"python-cryptography-vectors","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python-cryptography-vectors?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0429.json"}},{"package":{"name":"python-asn1crypto","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python-asn1crypto?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.22.0-1.1.mga6"}]}],"ecosys
tem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0429.json"}},{"package":{"name":"python-cffi","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python-cffi?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0429.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}