Описание
Security update for python-waitress
This update for python-waitress fixes the following issues:
- CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up (bsc#1232554)
Список пакетов
SUSE Enterprise Storage 7.1
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
python2-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
python2-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Server 15 SP2-LTSS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Server 15 SP3-LTSS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python3-waitress-1.4.3-150000.3.9.1
SUSE Manager Proxy 4.3
python3-waitress-1.4.3-150000.3.9.1
SUSE Manager Server 4.3
python3-waitress-1.4.3-150000.3.9.1
openSUSE Leap 15.5
python3-waitress-1.4.3-150000.3.9.1
Ссылки
- Link for SUSE-SU-2024:4107-1
- E-Mail link for SUSE-SU-2024:4107-1
- SUSE Security Ratings
- SUSE Bug 1232554
- SUSE CVE CVE-2024-49769 page
Описание
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.
Затронутые продукты
SUSE Enterprise Storage 7.1:python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-waitress-1.4.3-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-waitress-1.4.3-150000.3.9.1
Ссылки
- CVE-2024-49769
- SUSE Bug 1232554