Description
Security update for protobuf
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
Package list
Image SLES15-SP5-Azure-3P
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-Azure-Basic
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-Azure-Standard
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-BYOS-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-HPC-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-HPC-BYOS-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-Hardened-BYOS-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-SAP-Azure-3P
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-SAP-BYOS-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-SAP-Hardened-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-SAPCAL-Azure
python311-protobuf-4.25.1-150500.12.5.1
SUSE Linux Enterprise Installer Updates 15 SP5
libprotobuf-lite25_1_0-25.1-150500.12.5.1
SUSE Linux Enterprise Micro 5.5
libprotobuf-lite25_1_0-25.1-150500.12.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libprotobuf-lite25_1_0-25.1-150500.12.5.1
libprotobuf25_1_0-25.1-150500.12.5.1
libprotoc25_1_0-25.1-150500.12.5.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
libprotoc25_1_0-25.1-150500.12.5.1
protobuf-devel-25.1-150500.12.5.1
SUSE Linux Enterprise Module for Public Cloud 15 SP5
libprotoc25_1_0-25.1-150500.12.5.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-protobuf-4.25.1-150500.12.5.1
openSUSE Leap 15.5
libprotobuf-lite25_1_0-25.1-150500.12.5.1
libprotobuf-lite25_1_0-32bit-25.1-150500.12.5.1
libprotobuf25_1_0-25.1-150500.12.5.1
libprotobuf25_1_0-32bit-25.1-150500.12.5.1
libprotoc25_1_0-25.1-150500.12.5.1
libprotoc25_1_0-32bit-25.1-150500.12.5.1
protobuf-devel-25.1-150500.12.5.1
protobuf-java-25.1-150500.12.5.1
python311-protobuf-4.25.1-150500.12.5.1
openSUSE Leap Micro 5.5
libprotobuf-lite25_1_0-25.1-150500.12.5.1
References
- Link for SUSE-SU-2024:3747-1
- E-Mail link for SUSE-SU-2024:3747-1
- SUSE Security Ratings
- SUSE Bug 1230778
- SUSE CVE CVE-2024-7254 page
Description
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or the Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursion that can be abused by an attacker.
Affected products
Image SLES15-SP5-Azure-3P:python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-Azure-Basic:python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-Azure-Standard:python311-protobuf-4.25.1-150500.12.5.1
Image SLES15-SP5-BYOS-Azure:python311-protobuf-4.25.1-150500.12.5.1
References
- CVE-2024-7254
- SUSE Bug 1230778