SUSE-SU-2023:3670-1

Опубликовано: 19 сент. 2023

Источник: suse-cvrf

Описание

Security update for python-brotlipy

This update for python-brotlipy fixes the following issues:

CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

python-brotlipy-0.6.0-2.6.1

python3-brotlipy-0.6.0-2.6.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233670-1/
Link for SUSE-SU-2023:3670-1
https://lists.suse.com/pipermail/sle-updates/2023-September/031549.html
E-Mail link for SUSE-SU-2023:3670-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175825
SUSE Bug 1175825
https://www.suse.com/security/cve/CVE-2020-8927/
SUSE CVE CVE-2020-8927 page

Описание

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 12:python-brotlipy-0.6.0-2.6.1

SUSE Linux Enterprise Module for Public Cloud 12:python3-brotlipy-0.6.0-2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8927.html
CVE-2020-8927
https://bugzilla.suse.com/1175825
SUSE Bug 1175825

SUSE-SU-2023:3670-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

Ссылки

Уязвимость: CVE-2020-8927

Описание

Затронутые продукты

Ссылки