Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:3827-1

Опубликовано: 27 сент. 2023
Источник: suse-cvrf

Описание

Security update for python-brotlipy

This update for python-brotlipy fixes the following issues:

  • CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).

Список пакетов

Image SLES15-SP3-BYOS-Azure
python3-brotlipy-0.7.0-150300.3.3.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-brotlipy-0.7.0-150300.3.3.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-brotlipy-0.7.0-150300.3.3.1
Image SLES15-SP3-SAPCAL-Azure
python3-brotlipy-0.7.0-150300.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP3
python3-brotlipy-0.7.0-150300.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python3-brotlipy-0.7.0-150300.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP5
python3-brotlipy-0.7.0-150300.3.3.1
openSUSE Leap 15.4
python3-brotlipy-0.7.0-150300.3.3.1
openSUSE Leap 15.5
python3-brotlipy-0.7.0-150300.3.3.1

Описание

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.


Затронутые продукты
Image SLES15-SP3-BYOS-Azure:python3-brotlipy-0.7.0-150300.3.3.1
Image SLES15-SP3-HPC-BYOS-Azure:python3-brotlipy-0.7.0-150300.3.3.1
Image SLES15-SP3-SAP-BYOS-Azure:python3-brotlipy-0.7.0-150300.3.3.1
Image SLES15-SP3-SAPCAL-Azure:python3-brotlipy-0.7.0-150300.3.3.1

Ссылки