Wind River Support Network

Description

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10903

Other Downloads

• Wind River Linux LTS 10.17.41.10
• Wind River Linux LTS 10.17.41.11
• Wind River Linux LTS 10.17.41.12
• Wind River Linux LTS 10.17.41.13
• Wind River Linux LTS 10.17.41.14
• Wind River Linux LTS 10.17.41.15
• Wind River Linux LTS 10.17.41.16
• Wind River Linux LTS 10.17.41.17
• Wind River Linux LTS 10.17.41.18
• Wind River Linux LTS 10.17.41.20
• Wind River Linux LTS 10.17.41.21
• Wind River Linux LTS 10.17.41.22
• Wind River Linux LTS 10.17.41.23
• Wind River Linux LTS 10.17.41.24
• Wind River Linux LTS 10.17.41.25
• Wind River Linux LTS 10.17.41.26
• Wind River Linux LTS 10.17.41.27

CVEs

• CVE-2018-10903