CVE-2018-1000807

Priority
Description
Python Cryptographic Authority pyopenssl versions prior to 17.5.0 contain
a CWE-416: Use After Free vulnerability in X509 object handling that can
lead to possible denial of service or remote code execution. Whether this
attack is exploitable depends on the calling application and on whether it
retains a reference to the memory. This vulnerability appears to have been
fixed in 17.5.0.
Notes
 mdeslaur> requires python-cryptography 2.1.4 which adds X509_up_ref, see
 mdeslaur> https://github.com/pyca/cryptography/pull/4028
Assigned-to
mdeslaur
Package
Upstream: released (17.5.0)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): released (0.15.1-2ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (17.5.0-1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (17.5.0-1)
Ubuntu 19.04 (Disco Dingo): not-affected (17.5.0-1)
Patches:
Upstream: https://github.com/pyca/pyopenssl/pull/723
Upstream: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
More Information

Updated: 2018-11-08 16:15:01 UTC (commit c62a932fd322f44757e5f89e1e1d6fd51b55200a)