Описание
Security update for python-zipp
This update for python-zipp fixes the following issues:
- CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted zip file (bsc#1227547).
Список пакетов
Container containers/open-webui:0
Image SLES15-SP6-Azure-Basic
Image SLES15-SP6-Azure-Standard
Image SLES15-SP6-BYOS-Azure
Image SLES15-SP6-HPC
Image SLES15-SP6-HPC-Azure
Image SLES15-SP6-HPC-BYOS-Azure
Image SLES15-SP6-Hardened-BYOS-Azure
Image SLES15-SP6-SAP-Azure
Image SLES15-SP6-SAP-BYOS-Azure
Image SLES15-SP6-SAP-Hardened
Image SLES15-SP6-SAP-Hardened-Azure
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
Image SLES15-SP6-SAPCAL-Azure
SUSE Linux Enterprise Module for Python 3 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2024:2397-1
- E-Mail link for SUSE-SU-2024:2397-1
- SUSE Security Ratings
- SUSE Bug 1227547
- SUSE CVE CVE-2024-5569 page
Описание
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
Затронутые продукты
Ссылки
- CVE-2024-5569
- SUSE Bug 1227547