Recommended update for python-cryptography

Announcement ID: SUSE-RU-2017:0996-1
Rating: moderate
References:
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE OpenStack Cloud 6

An update that has one fix can now be installed.

Description:

This update provides python-cryptography 1.1.2, which brings many fixes and enhancements:

  • Fixed a runtime error 'undefined symbol EC_GFp_nistp224_method' that occurred with some OpenSSL installations.
  • Fixed several small bugs related to compiling the OpenSSL bindings with unusual OpenSSL configurations.
  • Added support for Elliptic Curve Diffie-Hellman.
  • Added support for parsing certificate revocation lists (CRLs).
  • Add support for AES key wrapping.
  • Add support for encoding and decoding elliptic curve points to a byte string form.
  • 'countryName' is now encoded as a 'PrintableString' when creating subject and issuer distinguished names with the Certificate and CSR builder classes.
  • The OpenSSL backend prior to 1.0.2 made extensive use of assertions to check response codes where our tests could not trigger a failure. However, when Python is run with '-O' these asserts are optimized away. If a user ran Python with this flag and got an invalid response code this could result in undefined behavior or worse. Accordingly, all response checks from the OpenSSL backend have been converted from 'assert' to a true function call.
  • Set the default string mask to UTF-8 in the OpenSSL backend to resolve character encoding issues with older versions of OpenSSL.
  • Several new OpenSSL bindings have been added to support a future pyOpenSSL release.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE OpenStack Cloud 6
    zypper in -t patch SUSE-OpenStack-Cloud-6-2017-579=1
  • SUSE Linux Enterprise Desktop 12 SP1
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-579=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-579=1
  • SUSE Linux Enterprise Server 12 SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-579=1

Package List:

  • SUSE OpenStack Cloud 6 (x86_64)
    • python-cryptography-1.1.2-3.5.1
    • python-cryptography-debugsource-1.1.2-3.5.1
    • python-cryptography-debuginfo-1.1.2-3.5.1
  • SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
    • python-cryptography-1.1.2-3.5.1
    • python-cryptography-debugsource-1.1.2-3.5.1
    • python-cryptography-debuginfo-1.1.2-3.5.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
    • python-cryptography-1.1.2-3.5.1
    • python-cryptography-debugsource-1.1.2-3.5.1
    • python-cryptography-debuginfo-1.1.2-3.5.1
  • SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
    • python-cryptography-1.1.2-3.5.1
    • python-cryptography-debugsource-1.1.2-3.5.1
    • python-cryptography-debuginfo-1.1.2-3.5.1

References: