Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2024:4110-1

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 29 нояб. 2024
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: suse-cvrf

ОписаниС

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues:

  • CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)

Бписок ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ²

Image SLES15-SP3-BYOS-Azure
python3-aiohttp-3.6.0-150100.3.18.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-aiohttp-3.6.0-150100.3.18.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-aiohttp-3.6.0-150100.3.18.1
Image SLES15-SP3-SAPCAL-Azure
python3-aiohttp-3.6.0-150100.3.18.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
python-aiohttp-doc-3.6.0-150100.3.18.1
python3-aiohttp-3.6.0-150100.3.18.1
SUSE Linux Enterprise Module for Public Cloud 15 SP3
python3-aiohttp-3.6.0-150100.3.18.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python3-aiohttp-3.6.0-150100.3.18.1
SUSE Linux Enterprise Module for Public Cloud 15 SP5
python3-aiohttp-3.6.0-150100.3.18.1
SUSE Linux Enterprise Module for Public Cloud 15 SP6
python3-aiohttp-3.6.0-150100.3.18.1
openSUSE Leap 15.5
python-aiohttp-doc-3.6.0-150100.3.18.1
python3-aiohttp-3.6.0-150100.3.18.1

Бсылки

ОписаниС

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΡ€ΠΎΠ΄ΡƒΠΊΡ‚Ρ‹
Image SLES15-SP3-BYOS-Azure:python3-aiohttp-3.6.0-150100.3.18.1
Image SLES15-SP3-HPC-BYOS-Azure:python3-aiohttp-3.6.0-150100.3.18.1
Image SLES15-SP3-SAP-BYOS-Azure:python3-aiohttp-3.6.0-150100.3.18.1
Image SLES15-SP3-SAPCAL-Azure:python3-aiohttp-3.6.0-150100.3.18.1
Бсылки
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ SUSE-SU-2024:4110-1