SUSE-SU-2024:4328-1

Опубликовано: 16 дек. 2024

Источник: suse-cvrf

Описание

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues:

CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726).

Список пакетов

Image SLES15-SP3-BYOS-Azure

python3-aiohttp-3.6.0-150100.3.21.1

Image SLES15-SP3-HPC-BYOS-Azure

python3-aiohttp-3.6.0-150100.3.21.1

Image SLES15-SP3-SAP-BYOS-Azure

python3-aiohttp-3.6.0-150100.3.21.1

Image SLES15-SP3-SAPCAL-Azure

python3-aiohttp-3.6.0-150100.3.21.1

SUSE Linux Enterprise Module for Public Cloud 15 SP2

python-aiohttp-doc-3.6.0-150100.3.21.1

python3-aiohttp-3.6.0-150100.3.21.1

SUSE Linux Enterprise Module for Public Cloud 15 SP3

python3-aiohttp-3.6.0-150100.3.21.1

SUSE Linux Enterprise Module for Public Cloud 15 SP4

python3-aiohttp-3.6.0-150100.3.21.1

SUSE Linux Enterprise Module for Public Cloud 15 SP5

python3-aiohttp-3.6.0-150100.3.21.1

SUSE Linux Enterprise Module for Public Cloud 15 SP6

python3-aiohttp-3.6.0-150100.3.21.1

openSUSE Leap 15.5

python-aiohttp-doc-3.6.0-150100.3.21.1

python3-aiohttp-3.6.0-150100.3.21.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244328-1/
Link for SUSE-SU-2024:4328-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/020006.html
E-Mail link for SUSE-SU-2024:4328-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223726
SUSE Bug 1223726
https://www.suse.com/security/cve/CVE-2024-30251/
SUSE CVE CVE-2024-30251 page

Описание

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.

Затронутые продукты

Image SLES15-SP3-BYOS-Azure:python3-aiohttp-3.6.0-150100.3.21.1

Image SLES15-SP3-HPC-BYOS-Azure:python3-aiohttp-3.6.0-150100.3.21.1

Image SLES15-SP3-SAP-BYOS-Azure:python3-aiohttp-3.6.0-150100.3.21.1

Image SLES15-SP3-SAPCAL-Azure:python3-aiohttp-3.6.0-150100.3.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-30251.html
CVE-2024-30251
https://bugzilla.suse.com/1223726
SUSE Bug 1223726

SUSE-SU-2024:4328-1

Описание

Список пакетов

Image SLES15-SP3-BYOS-Azure

Image SLES15-SP3-HPC-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAPCAL-Azure

SUSE Linux Enterprise Module for Public Cloud 15 SP2

SUSE Linux Enterprise Module for Public Cloud 15 SP3

SUSE Linux Enterprise Module for Public Cloud 15 SP4

SUSE Linux Enterprise Module for Public Cloud 15 SP5

SUSE Linux Enterprise Module for Public Cloud 15 SP6

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-30251

Описание

Затронутые продукты

Ссылки