Описание
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues:
- CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)
Список пакетов
Image SLES15-SP4-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-HPC-BYOS
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-HPC-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAP
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAP-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAP-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAP-Hardened
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAP-Hardened-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAPCAL
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-SAPCAL-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-Azure-3P
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-Azure-Basic
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-Azure-Standard
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-HPC-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-HPC-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-SAP-Azure-3P
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-SAP-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-SAP-Hardened-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP5-SAPCAL-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-Azure-Basic
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-Azure-Standard
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-HPC
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-HPC-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-HPC-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-SAP-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-SAP-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-SAP-Hardened
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-SAP-Hardened-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP6-SAPCAL-Azure
python311-aiohttp-3.9.3-150400.10.27.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python311-aiohttp-3.9.3-150400.10.27.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-aiohttp-3.9.3-150400.10.27.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-aiohttp-3.9.3-150400.10.27.1
openSUSE Leap 15.5
python311-aiohttp-3.9.3-150400.10.27.1
openSUSE Leap 15.6
python311-aiohttp-3.9.3-150400.10.27.1
Ссылки
- Link for SUSE-SU-2024:4077-1
- E-Mail link for SUSE-SU-2024:4077-1
- SUSE Security Ratings
- SUSE Bug 1233447
- SUSE CVE CVE-2024-52304 page
Описание
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-HPC-BYOS-Azure:python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-HPC-BYOS:python311-aiohttp-3.9.3-150400.10.27.1
Image SLES15-SP4-Hardened-BYOS-Azure:python311-aiohttp-3.9.3-150400.10.27.1
Ссылки
- CVE-2024-52304
- SUSE Bug 1233447