PublicDateAtUSN: 2020-10-28 00:00:00 UTC
Candidate: CVE-2020-25659
PublicDate: 2021-01-11 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659
 https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
 https://ubuntu.com/security/notices/USN-4613-1
Description:
 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in
 the RSA decryption API, via timed processing of valid PKCS#1 v1.5
 ciphertext.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247
 https://bugzilla.redhat.com/show_bug.cgi?id=1889988
Priority: medium
Discovered-by: Hubert Kario
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]

Patches_python-cryptography:
 upstream: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)
upstream_python-cryptography: released (3.2.1-1)
precise/esm_python-cryptography: DNE
trusty_python-cryptography: ignored (out of standard support)
trusty/esm_python-cryptography: DNE
xenial_python-cryptography: released (1.2.3-1ubuntu0.3)
esm-infra/xenial_python-cryptography: released (1.2.3-1ubuntu0.3)
bionic_python-cryptography: released (2.1.4-1ubuntu1.4)
focal_python-cryptography: released (2.8-3ubuntu0.1)
groovy_python-cryptography: released (3.0-1ubuntu0.1)
devel_python-cryptography: released (3.2.1-1)