Summary of the Python3.12-Cryptography Update for AlmaLinux 9
A security update has been issued for AlmaLinux 9 for the python3.12-cryptography package. The vulnerability, designated CVE-2024-26130, is a NULL pointer dereference that can occur when the pkcs12.serialize_key_and_certificates function is called with a certificate that does not match the private key, together with an hmac_hash override. The issue poses a security risk to affected systems, and the update is classified as Important.
Details of the Update:
- Release Date: September 10, 2025
- Affected Component: python3.12-cryptography
- Severity Level: Important
- Vulnerability: NULL pointer dereference when using mismatched certificate/private key with hmac_hash override (CVE-2024-26130)
Users are encouraged to review the full details of the security issue, including its impact and CVSS score, which can be found on the CVE page linked in the references. Updated packages and additional information can be accessed via the provided AlmaLinux errata link.
Extension of the Update:
In light of this security vulnerability, it is imperative for users and system administrators to promptly apply the update to mitigate potential security risks. The AlmaLinux community is encouraged to remain vigilant and proactive about security updates, ensuring their systems are up to date with the latest patches. Regular monitoring of security advisories and participating in community discussions can also enhance awareness and preparedness against future vulnerabilities.
For those seeking assistance or wishing to engage with the AlmaLinux community, communication channels such as community chat and mailing lists are available, allowing users to exchange information and support each other in maintaining secure systems.
Python3.12-Cryptography update for AlmaLinux 9
A security update has been released for AlmaLinux 9 to address a vulnerability in the python3.12-cryptography package. The issue, identified as CVE-2024-26130, involves a NULL pointer dereference when using pkcs12.serialize_key_and_certificates with mismatched certificate and private key and an hmac_hash override.
ALSA-2025:15608: python3.12-cryptography security update (Important)
Python3.12-Cryptography update for AlmaLinux 9 @ Linux Compatible