Описание
Security update for python-Brotli
This update for python-Brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825)
Список пакетов
SUSE Linux Enterprise Module for Python 3 15 SP6
python3-Brotli-1.0.7-150200.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
python3-Brotli-1.0.7-150200.3.3.1
openSUSE Leap 15.5
python3-Brotli-1.0.7-150200.3.3.1
Ссылки
- Link for SUSE-SU-2024:1968-1
- E-Mail link for SUSE-SU-2024:1968-1
- SUSE Security Ratings
- SUSE Bug 1175825
- SUSE CVE CVE-2020-8927 page
Описание
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Затронутые продукты
SUSE Linux Enterprise Module for Python 3 15 SP6:python3-Brotli-1.0.7-150200.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP5:python3-Brotli-1.0.7-150200.3.3.1
openSUSE Leap 15.5:python3-Brotli-1.0.7-150200.3.3.1
Ссылки
- CVE-2020-8927
- SUSE Bug 1175825