References: https://www.openwall.com/lists/oss-security/2026/03/20/5 https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424
Source RPM: (none) => python-openssl-25.0.0-2.mga10.src.rpm, python-openssl-23.0.0-1.mga9.src.rpmFlags: (none) => affects_mga9+Status comment: (none) => Fixed upstream in 26.0.0Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2026-27448, CVE-2026-27459
CVE-2026-27448: https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0 CVE-2026-27459: https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408
Whiteboard: MGA9TOO => (none)Flags: affects_mga9+ => (none)Status comment: Fixed upstream in 26.0.0 => Fixed upstream in 26.0.0 and patches available from upstreamVersion: Cauldron => 9Source RPM: python-openssl-25.0.0-2.mga10.src.rpm, python-openssl-23.0.0-1.mga9.src.rpm => python-openssl-23.0.0-1.mga9.src.rpm
Ubuntu has issued an advisory on March 23: https://ubuntu.com/security/notices/USN-8115-1
Suggested advisory: ======================== The updated package fixes security vulnerabilities: pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback. (CVE-2026-27448) pyOpenSSL DTLS cookie callback buffer overflow. (CVE-2026-27459) References: https://www.openwall.com/lists/oss-security/2026/03/20/5 https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424 https://ubuntu.com/security/notices/USN-8115-1 ======================== Updated package in core/updates_testing: ======================== python3-openssl-23.0.0-1.1.mga9 from SRPM: python-openssl-23.0.0-1.1.mga9.src.rpm
Status comment: Fixed upstream in 26.0.0 and patches available from upstream => (none)Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNED
Keywords: (none) => advisory
MGA9-64 server Plasma Wayland on Compaq H000SB. No installation issues. Ref bug 11206, but run into problems with the testscript provided. print statement needs brackets I had to install python3-httplib2 and change the name of the module to http2, but still then $ python3 pythonopenssl.py Traceback (most recent call last): File "/home/tester9/Documents/pythonopenssl.py", line 4, in <module> conn = httplib2.HTTPSConnection(HOSTNAME) AttributeError: module 'httplib2' has no attribute 'HTTPSConnection' This is beyond me...... script now #!/usr/bin/python import httplib2 HOSTNAME = 'login.yahoo.com' conn = httplib2.HTTPSConnection(HOSTNAME) conn.putrequest('GET', '/') conn.endheaders() response = conn.getresponse() print (response.read())
CC: (none) => herman.viaene
The test script is too old LC_ALL=C urpmi python3-openssl installing python3-openssl-23.0.0-1.1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################### 1/1: python3-openssl ################################################################################################### 1/1: removing python3-openssl-23.0.0-1.mga9.noarch ################################################################################################### Looks that best way to test is tedt if deluge works I did that Looks good to me
Flags: (none) => test_passed_mga9_64+Whiteboard: (none) => MGA9-64-OK
Wondering if it would help if Dave's script was updated to python 3, but validating based on comment 5.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
(In reply to Thomas Andrews from comment #6) > Wondering if it would help if Dave's script was updated to python 3, but > validating based on comment 5. I did try that with 2to3 but the script still fails
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0074.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED