AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

  • 1.  Current cryptography version is affected by CVE-2023-49083

    Posted Tue February 06, 2024 06:19 PM
    Edited by LUIS ABDEL AGUILAR JURADO Tue February 06, 2024 06:23 PM

    Hi Team,

    Is cryptography-3.4.7-4 affected by CVE-2023-49083? Is a fix for this vulnerability in scope? Is there an ETA?

    Security issue description PocC: NULL-dereference when loading PKCS7 certificates

    Regards



    ------------------------------
    LUIS ABDEL AGUILAR JURADO
    ------------------------------



  • 2.  RE: Current cryptography version is affected by CVE-2023-49083

    Posted Wed February 07, 2024 04:07 AM

    Hi Luis,

    The cryptography-3.4.7 version is not affected by CVE-2023-49083. This CVE affects the recent releases. We are not moving to the recent releases because of the Rust requirement.



    ------------------------------
    Harshith K A
    ------------------------------



  • 3.  RE: Current cryptography version is affected by CVE-2023-49083

    Posted Tue February 20, 2024 07:54 AM

    Hi Luis,

    After more analysis, we found that CVE-2023-49083 actually affects the cryptography-3.4.7 version. We are working on backporting the fix and will upload it to the AIX Toolbox soon.



    ------------------------------
    Harshith K A
    ------------------------------