{"schema_version":"1.7.2","id":"OESA-2026-1729","modified":"2026-03-27T14:03:52Z","published":"2026-03-27T14:03:52Z","upstream":["CVE-2026-27448","CVE-2026-27459"],"summary":"pyOpenSSL security update","details":"pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library.\r\n\r\nSecurity Fix(es):\n\nA security vulnerability exists in the PyOpenSSL library's `set_tlsext_servername_callback` function. When a user-provided callback function raises an unhandled exception, the connection would still be accepted. If a user relies on this callback for any security-sensitive behavior (such as server name-based access control or certificate validation), this vulnerability could allow the security mechanism to be bypassed, potentially permitting unauthorized connections or access.(CVE-2026-27448)\n\npyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.(CVE-2026-27459)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"pyOpenSSL","purl":"pkg:rpm/openEuler/pyOpenSSL&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0.0-3.oe2403sp1"}]}],"ecosystem_specific":{"noarch":["pyOpenSSL-help-24.0.0-3.oe2403sp1.noarch.rpm","python3-pyOpenSSL-24.0.0-3.oe2403sp1.noarch.rpm"],"src":["pyOpenSSL-24.0.0-3.oe2403sp1.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1729"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27448"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27459"}],"database_specific":{"severity":"Critical"}}
