Описание
Security update for python-uamqp
This update for python-uamqp fixes the following issues:
- CVE-2024-25110: Fixed a use-after-free in open_get_offered_capabilities() (bsc#1219867).
Список пакетов
Image SLES15-SP3-BYOS-Azure
python3-uamqp-1.5.3-150100.4.13.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-uamqp-1.5.3-150100.4.13.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-uamqp-1.5.3-150100.4.13.1
Image SLES15-SP3-SAPCAL-Azure
python3-uamqp-1.5.3-150100.4.13.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
python3-uamqp-1.5.3-150100.4.13.1
SUSE Linux Enterprise Module for Public Cloud 15 SP3
python3-uamqp-1.5.3-150100.4.13.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python3-uamqp-1.5.3-150100.4.13.1
SUSE Linux Enterprise Module for Public Cloud 15 SP5
python3-uamqp-1.5.3-150100.4.13.1
openSUSE Leap 15.5
python3-uamqp-1.5.3-150100.4.13.1
Ссылки
- Link for SUSE-SU-2024:0591-1
- E-Mail link for SUSE-SU-2024:0591-1
- SUSE Security Ratings
- SUSE Bug 1219867
- SUSE CVE CVE-2024-25110 page
Описание
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:python3-uamqp-1.5.3-150100.4.13.1
Image SLES15-SP3-HPC-BYOS-Azure:python3-uamqp-1.5.3-150100.4.13.1
Image SLES15-SP3-SAP-BYOS-Azure:python3-uamqp-1.5.3-150100.4.13.1
Image SLES15-SP3-SAPCAL-Azure:python3-uamqp-1.5.3-150100.4.13.1
Ссылки
- CVE-2024-25110
- SUSE Bug 1219867