RHSA-2026:10754

Vulnerability from csaf_redhat - Published: 2026-04-27 10:15 - Updated: 2026-05-04 14:11
Summary
Red Hat Security Advisory: RHUI 4.11.4 security update - python-pyOpenSSL
Severity
Important
Notes
Topic: An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.11.4 resolves a security vulnerability in pyOpenSSL.
Details: Red Hat Update Infrastructure (RHUI) provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances. Security Fixes: * pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2026-27459

A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.

8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For detailed instructions on how to apply this update, see: https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure Note: While there is no updated version of rhui-installer, for this update to take effect, it is necessary to rerun rhui-installer on the RHUA node and to reinstall the CDS nodes, as described in the documentation. For other information, see the product documentation: https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4 https://access.redhat.com/errata/RHSA-2026:10754
Workaround To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated version of Red Hat Update Infrastructure (RHUI) is now\navailable. RHUI 4.11.4 resolves a security vulnerability in pyOpenSSL.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Update Infrastructure (RHUI) provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.\n\nSecurity Fixes:\n* pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:10754",
        "url": "https://access.redhat.com/errata/RHSA-2026:10754"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2448503",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10754.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHUI 4.11.4 security update - python-pyOpenSSL",
    "tracking": {
      "current_release_date": "2026-05-04T14:11:52+00:00",
      "generator": {
        "date": "2026-05-04T14:11:52+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.8"
        }
      },
      "id": "RHSA-2026:10754",
      "initial_release_date": "2026-04-27T10:15:08+00:00",
      "revision_history": [
        {
          "date": "2026-04-27T10:15:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-27T10:15:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-04T14:11:52+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHUI 4 for RHEL 8",
                "product": {
                  "name": "RHUI 4 for RHEL 8",
                  "product_id": "8Base-RHUI-4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhui:4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Update Infrastructure"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
                "product": {
                  "name": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
                  "product_id": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-pyOpenSSL@24.1.0-2.el8ui?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
                "product": {
                  "name": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
                  "product_id": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.11-pyOpenSSL@24.1.0-2.el8ui?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pyOpenSSL-0:24.1.0-2.el8ui.src as a component of RHUI 4 for RHEL 8",
          "product_id": "8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src"
        },
        "product_reference": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
        "relates_to_product_reference": "8Base-RHUI-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
          "product_id": "8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
        },
        "product_reference": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
        "relates_to_product_reference": "8Base-RHUI-4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-27459",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T00:01:41.404915+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448503"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyOpenSSL: DTLS cookie callback buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
          "8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448503",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
          "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
          "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
          "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
        }
      ],
      "release_date": "2026-03-17T23:34:28.483000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-27T10:15:08+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor detailed instructions on how to apply this update, see:\nhttps://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure\n\nNote: While there is no updated version of rhui-installer, for this update to take effect, it is necessary to rerun rhui-installer on the RHUA node and to reinstall the CDS nodes, as described in the documentation.\n\nFor other information, see the product documentation:\nhttps://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4",
          "product_ids": [
            "8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
            "8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:10754"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
          "product_ids": [
            "8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
            "8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
            "8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.