AIX Open Source

 View Only
Expand all | Collapse all

Update Python3 Cryptography to get: CVE-2023-38325 and CVE-2023-49083. Please also Upgrade Pytography Package to 41.0.3 or above.

  • 1.  Update Python3 Cryptography to get: CVE-2023-38325 and CVE-2023-49083. Please also Upgrade Pytography Package to 41.0.3 or above.

    Posted Fri February 16, 2024 10:56 AM
    Edited by RAMON ANTONIO MINJARES CAMPOS Wed February 21, 2024 01:08 PM

    Is any way AIX can get?

    1. CVE-2023-38325 and CVE-2023-49083
    2. cryptography package python3 at 41.0.3 or above: Welcome to pyca/cryptography - Cryptography 43.0.0.dev1 documentation

    THANK YOU So much in advance.

    Cryptography remove preview
    Welcome to pyca/cryptography - Cryptography 43.0.0.dev1 documentation
    cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. For example, to encrypt something with cryptography 's high level symmetric encryption recipe:
    View this on Cryptography >



    ------------------------------
    RAMON ANTONIO MINJARES CAMPOS
    ------------------------------



  • 2.  RE: Update Python3 Cryptography to get: CVE-2023-38325 and CVE-2023-49083. Please also Upgrade Pytography Package to 41.0.3 or above.

    Posted Mon February 19, 2024 09:03 AM

    as stated numerous times...cryptography-3.4.7 version is not affected by the CVE-2023-49083. as also mentioned current python cryptography requires rust which is

    not available on aix. but if you are that smart  go on porting it to aix and give something back to the community.



    ------------------------------
    I regret starting this entire conversation
    ------------------------------



  • 3.  RE: Update Python3 Cryptography to get: CVE-2023-38325 and CVE-2023-49083. Please also Upgrade Pytography Package to 41.0.3 or above.

    Posted Tue February 20, 2024 08:13 AM

    As discussed in this forum post below: 

    Current cryptography version is affected by CVE-2023-49083 | AIX Open Source (ibm.com)

    We are working on the fix for this CVE-2023-49083 by backporting it and we will upload it to the AIX Toolbox soon.



    ------------------------------
    Harshith K A
    ------------------------------



  • 4.  RE: Update Python3 Cryptography to get: CVE-2023-38325 and CVE-2023-49083. Please also Upgrade Pytography Package to 41.0.3 or above.

    Posted Wed February 21, 2024 03:58 AM

    as also mentioned current python cryptography requires rust which is

    not available on aix. but if you are that smart  go on porting it to aix and give something back to the community.

    Just to mention - Rust IS available for AIX, it is in Beta testing phase and is not included in the official Rust compiler.

    The modern Cryptography package is ported to AIX and was given back to the community including source code and building procedure:

    • https://dl.power-devops.com/python3.9-cryptography-41.0.2-1.aix7.3.ppc.rpm (binary)
    • https://dl.power-devops.com/python3.9-cryptography-41.0.2-1.src.rpm (source)

    But I wouldn't use it because of CVE. If you wish you can upgrade it to 41.0.7 and contribute back to the community ;-)



    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------



  • 5.  RE: Update Python3 Cryptography to get: CVE-2023-38325 and CVE-2023-49083. Please also Upgrade Pytography Package to 41.0.3 or above.

    Posted Wed February 21, 2024 09:49 AM

    Thanks for your insights, this is my very first time adding a post in the community. I would like to participate on deliveries, how can I become a contributor? 



    ------------------------------
    RAMON ANTONIO MINJARES CAMPOS
    ------------------------------