Description
Security update for protobuf
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
Package list
Container containers/milvus:2.4
libprotobuf25_1_0-25.1-150600.16.7.1
Container containers/open-webui:0
libprotobuf25_1_0-25.1-150600.16.7.1
Container suse/manager/5.0/x86_64/server:latest
protobuf-java-25.1-150600.16.7.1
Image SLES15-SP6-Azure-Basic
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-Azure-Standard
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-BYOS-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-HPC
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-HPC-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-HPC-BYOS-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-Hardened-BYOS-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-SAP-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-SAP-BYOS-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-SAP-Hardened
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-SAP-Hardened-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image SLES15-SP6-SAPCAL-Azure
python311-protobuf-4.25.1-150600.16.7.1
Image server-image
protobuf-java-25.1-150600.16.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libprotobuf-lite25_1_0-25.1-150600.16.7.1
libprotobuf25_1_0-25.1-150600.16.7.1
libprotoc25_1_0-25.1-150600.16.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
protobuf-devel-25.1-150600.16.7.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-protobuf-4.25.1-150600.16.7.1
openSUSE Leap 15.6
libprotobuf-lite25_1_0-25.1-150600.16.7.1
libprotobuf-lite25_1_0-32bit-25.1-150600.16.7.1
libprotobuf25_1_0-25.1-150600.16.7.1
libprotobuf25_1_0-32bit-25.1-150600.16.7.1
libprotoc25_1_0-25.1-150600.16.7.1
libprotoc25_1_0-32bit-25.1-150600.16.7.1
protobuf-devel-25.1-150600.16.7.1
protobuf-java-25.1-150600.16.7.1
python311-protobuf-4.25.1-150600.16.7.1
References
- Link for SUSE-SU-2024:3745-1
- E-Mail link for SUSE-SU-2024:3745-1
- SUSE Security Ratings
- SUSE Bug 1230778
- SUSE CVE CVE-2024-7254 page
Description
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or the Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Affected products
Container containers/milvus:2.4:libprotobuf25_1_0-25.1-150600.16.7.1
Container containers/open-webui:0:libprotobuf25_1_0-25.1-150600.16.7.1
Container suse/manager/5.0/x86_64/server:latest:protobuf-java-25.1-150600.16.7.1
Image SLES15-SP6-Azure-Basic:python311-protobuf-4.25.1-150600.16.7.1
References
- CVE-2024-7254
- SUSE Bug 1230778