Your submission was sent successfully! Close

USN-3138-1: python-cryptography vulnerability

28 November 2016

python-cryptography could generate incorrect keys.

Releases

Packages

Details

Markus Döring discovered that python-cryptography incorrectly handled
certain HKDF lengths. This could result in python-cryptography returning an
empty string instead of the expected derived key.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References