Back

Security Fix Released for Python Cryptography Package in Fedora 44

Severity: Medium (Score: 45.6)

Sources: Linuxsecurity

Summary

Fedora has released an update for the python-cryptography package, version 46.0.6, addressing a security vulnerability identified as CVE-2026-34073. The issue involved a bug where name constraints were not applied to peer names during verification when the leaf certificate contained a wildcard DNS Subject Alternative Name (SAN). This vulnerability does not affect ordinary X.509 topologies, including those used by the Web PKI. The update was made available on March 26, 2026, and users are advised to upgrade their systems using the 'dnf' package manager. The vulnerability was reported by Oleh Konko (1seal). The update is crucial for developers using this package to ensure secure cryptographic practices. Key Points: • Fedora 44 released python-cryptography version 46.0.6 to fix CVE-2026-34073. • The vulnerability allowed improper verification of peer names with wildcard DNS SANs. • Users are encouraged to update their systems using the 'dnf' package manager.

Key Entities

  • CVE-2026-34073 (cve)
  • Fedora (company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed