{"id":"OESA-2026-1733","summary":"pyOpenSSL security update","details":"pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library.\n\nSecurity Fix(es):\n\nA security vulnerability exists in the PyOpenSSL library's `set_tlsext_servername_callback` function. When a user-provided callback function raises an unhandled exception, the connection would still be accepted. If a user relies on this callback for any security-sensitive behavior (such as server name-based access control or certificate validation), this vulnerability could allow the security mechanism to be bypassed, potentially permitting unauthorized connections or access. (CVE-2026-27448)","modified":"2026-03-27T14:19:02.325511Z","published":"2026-03-27T14:03:57Z","upstream":["CVE-2026-27448"],"database_specific":{"severity":"Low"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1733"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27448"}],"affected":[{"package":{"name":"pyOpenSSL","ecosystem":"openEuler:22.03-LTS-SP4","purl":"pkg:rpm/openEuler/pyOpenSSL&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.0.0-3.oe2203sp4"}]}],"ecosystem_specific":{"src":["pyOpenSSL-21.0.0-3.oe2203sp4.src.rpm"],"noarch":["pyOpenSSL-help-21.0.0-3.oe2203sp4.noarch.rpm","python3-pyOpenSSL-21.0.0-3.oe2203sp4.noarch.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-1733.json"}}],"schema_version":"1.7.5"}