Описание
Security update for python-aiohttp
This update for python-aiohttp fixes the following issues:
- CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726).
Список пакетов
Image SLES15-SP4-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-HPC-BYOS
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-HPC-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAP
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAP-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAP-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAP-Hardened
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAP-Hardened-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAPCAL
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-SAPCAL-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-Azure-3P
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-Azure-Basic
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-Azure-Standard
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-HPC-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-HPC-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-SAP-Azure-3P
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-SAP-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-SAP-Hardened-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP5-SAPCAL-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-Azure-Basic
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-Azure-Standard
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-HPC
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-HPC-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-HPC-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-SAP-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-SAP-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-SAP-Hardened
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-SAP-Hardened-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP6-SAPCAL-Azure
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise Module for Python 3 15 SP5
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python311-aiohttp-3.9.3-150400.10.30.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python311-aiohttp-3.9.3-150400.10.30.1
openSUSE Leap 15.5
python311-aiohttp-3.9.3-150400.10.30.1
openSUSE Leap 15.6
python311-aiohttp-3.9.3-150400.10.30.1
Ссылки
- Link for SUSE-SU-2024:4327-1
- E-Mail link for SUSE-SU-2024:4327-1
- SUSE Security Ratings
- SUSE Bug 1223726
- SUSE CVE CVE-2024-30251 page
Описание
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-HPC-BYOS-Azure:python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-HPC-BYOS:python311-aiohttp-3.9.3-150400.10.30.1
Image SLES15-SP4-Hardened-BYOS-Azure:python311-aiohttp-3.9.3-150400.10.30.1
Ссылки
- CVE-2024-30251
- SUSE Bug 1223726