SUSE-SU-2026:0307-1

Опубликовано: 27 янв. 2026

Источник: suse-cvrf

Описание

Security update for python-python-multipart

This update for python-python-multipart fixes the following issues:

CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301).

Список пакетов

openSUSE Leap 15.6

python311-python-multipart-0.0.9-150600.3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260307-1/
Link for SUSE-SU-2026:0307-1
https://lists.suse.com/pipermail/sle-security-updates/2026-January/023927.html
E-Mail link for SUSE-SU-2026:0307-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1257301
SUSE Bug 1257301
https://www.suse.com/security/cve/CVE-2026-24486/
SUSE CVE CVE-2026-24486 page

Описание

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.

Затронутые продукты

openSUSE Leap 15.6:python311-python-multipart-0.0.9-150600.3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-24486.html
CVE-2026-24486
https://bugzilla.suse.com/1257301
SUSE Bug 1257301

SUSE-SU-2026:0307-1

Описание

Список пакетов

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2026-24486

Описание

Затронутые продукты

Ссылки