OpenSsl version update for vulnerability #2820
Labels
security
An issue that impacts security
Comments
steven-bellock
added a commit
to steven-bellock/libspdm
that referenced
this issue
Aug 29, 2024
Fix DMTF#2820. Signed-off-by: Steven Bellock <sbellock@nvidia.com>
|
@jyao1 you might have to take this. I'm getting errors when running https://github.com/DMTF/libspdm/blob/main/os_stub/openssllib/process_files.pl |
apop5
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cryptography 38.0.4 is consumed in https://github.com/DMTF/libspdm/tree/main/os_stub/openssllib
This is being flagged due to known vulerabilities:
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
The recommendation is to upgrade cryptography from 38.0.4 to 42.0.0 to fix the vulnerability.
The text was updated successfully, but these errors were encountered: