Описание
Security update for python-h2
This update for python-h2 fixes the following issues:
- CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737)
Список пакетов
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-h2-4.1.0-150400.8.6.1
SUSE Linux Enterprise Module for Python 3 15 SP7
python311-h2-4.1.0-150400.8.6.1
openSUSE Leap 15.6
python311-h2-4.1.0-150400.8.6.1
Ссылки
- Link for SUSE-SU-2025:03199-1
- E-Mail link for SUSE-SU-2025:03199-1
- SUSE Security Ratings
- SUSE Bug 1248737
- SUSE CVE CVE-2025-57804 page
Описание
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
Затронутые продукты
SUSE Linux Enterprise Module for Python 3 15 SP6:python311-h2-4.1.0-150400.8.6.1
SUSE Linux Enterprise Module for Python 3 15 SP7:python311-h2-4.1.0-150400.8.6.1
openSUSE Leap 15.6:python311-h2-4.1.0-150400.8.6.1
Ссылки
- CVE-2025-57804
- SUSE Bug 1248737