SUSE-SU-2024:2969-1

Опубликовано: 19 авг. 2024

Источник: suse-cvrf

Описание

Security update for python-WebOb

This update for python-WebOb fixes the following issues:

CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location header (bsc#1229221)

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

python-WebOb-1.2.3-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242969-1/
Link for SUSE-SU-2024:2969-1
https://lists.suse.com/pipermail/sle-updates/2024-August/036625.html
E-Mail link for SUSE-SU-2024:2969-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1229221
SUSE Bug 1229221
https://www.suse.com/security/cve/CVE-2024-42353/
SUSE CVE CVE-2024-42353 page

Описание

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 12:python-WebOb-1.2.3-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-42353.html
CVE-2024-42353
https://bugzilla.suse.com/1229221
SUSE Bug 1229221

SUSE-SU-2024:2969-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

Ссылки

Уязвимость: CVE-2024-42353

Описание

Затронутые продукты

Ссылки