Cloud Foundry Logo
blog single gear
Security Advisory

USN-6673-1: python-cryptography vulnerabilities

USN-6673-1: python-cryptography vulnerabilities




Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 18.04
  • Canonical Ubuntu 22.04


Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. (CVE-2023-50782) It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10. (CVE-2024-26130) Update Instructions: Run `sudo pro fix USN-6673-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-cryptography – 2.1.4-1ubuntu1.4+esm1 python-cryptography – 2.1.4-1ubuntu1.4+esm1 python-cryptography-doc – 2.1.4-1ubuntu1.4+esm1 Available with Ubuntu Pro (Infra-only):

Affected Cloud Foundry Products and Versions

Severity is unknown unless otherwise noted.

  • Jammy Stemcells
    • 1.x versions prior to 1.404
    • All other stemcells not listed.
  • CF Deployment
    • All versions with Jammy Stemcells prior to 1.404


Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • Jammy Stemcells
    • Upgrade 1.x versions to 1.404 or greater
    • All other stemcells should be upgraded to the latest version available on
  • CF Deployment
    • For all versions, upgrade Jammy Stemcells to 1.404 or greater



2024-04-04: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR