[Bug 2144373] Re: latest update to python3-cryptography breaks ecc secp384r1 support

Launchpad Bug Tracker 2144373 at bugs.launchpad.net
Mon Mar 16 11:30:04 UTC 2026 

This bug was fixed in the package python-cryptography -
43.0.0-1ubuntu1.2

---------------
python-cryptography (43.0.0-1ubuntu1.2) questing-security; urgency=medium

  * SECURITY REGRESSION: ecc support regression (LP: #2144373)
    - debian/patches/CVE-2026-26007.patch: updated to remove problematic
      deprecation warning code which is causing a regression with ansible.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Sat, 14 Mar 2026
08:14:57 -0400

** Changed in: python-cryptography (Ubuntu Questing)
       Status: Confirmed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2026-26007

** Changed in: python-cryptography (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-cryptography in Ubuntu.
https://bugs.launchpad.net/bugs/2144373

Title:
  latest update to python3-cryptography breaks ecc secp384r1 support

Status in python-cryptography package in Ubuntu:
  Fix Released
Status in python-cryptography source package in Noble:
  Confirmed
Status in python-cryptography source package in Questing:
  Fix Released

Bug description:
  When running the latest version of python3-cryptography on Ubuntu
  24.04 (41.0.7-4ubuntu0.3), ansible playbooks are failing when the ECC
  curve is set to secp384r1 for the private key. Ansible output shows:

  fatal: [localhost]: FAILED! => changed=false
  msg: Your cryptography version does not support SECP384R1

  There appears to be a regression in supporting ECC secp384r1 keys.

  When reverting to python3-cryptography version 41.0.7-4build3, ansible
  playbook works as expected.

  In addition, launchpad stated "python3-cryptography" does not exist in
  ubuntu when filing this bug, but that is the package that has
  regressed:

  root at dogfood-source-arm64-ans-02-25-2026:/usr/share/ansible# apt list
  --installed | grep cryptography

  WARNING: apt does not have a stable CLI interface. Use with caution in
  scripts.

  python3-cryptography/noble,now 41.0.7-4build3 arm64
  [installed,upgradable to: 41.0.7-4ubuntu0.3]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-cryptography/+bug/2144373/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list