Описание
Security update for protobuf
This update for protobuf fixes the following issues:
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
Список пакетов
Image SLES15-SP6
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-Azure-3P
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC-BYOS
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC-BYOS-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-Azure-3P
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-BYOS-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-Hardened-BYOS-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-SAP-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-SAP-Azure-3P
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-SAP-BYOS-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-SAP-Hardened-Azure
python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP7-SAP-Hardened-BYOS-Azure
python311-protobuf-4.25.1-150600.16.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libprotobuf-lite25_1_0-25.1-150600.16.16.1
libprotobuf25_1_0-25.1-150600.16.16.1
libprotoc25_1_0-25.1-150600.16.16.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
protobuf-devel-25.1-150600.16.16.1
SUSE Linux Enterprise Module for Python 3 15 SP7
python311-protobuf-4.25.1-150600.16.16.1
openSUSE Leap 15.6
libprotobuf-lite25_1_0-25.1-150600.16.16.1
libprotobuf-lite25_1_0-32bit-25.1-150600.16.16.1
libprotobuf25_1_0-25.1-150600.16.16.1
libprotobuf25_1_0-32bit-25.1-150600.16.16.1
libprotoc25_1_0-25.1-150600.16.16.1
libprotoc25_1_0-32bit-25.1-150600.16.16.1
protobuf-devel-25.1-150600.16.16.1
protobuf-java-25.1-150600.16.16.1
protobuf-java-bom-25.1-150600.16.16.1
protobuf-java-parent-25.1-150600.16.16.1
python311-protobuf-4.25.1-150600.16.16.1
Ссылки
- Link for SUSE-SU-2026:0374-1
- E-Mail link for SUSE-SU-2026:0374-1
- SUSE Security Ratings
- SUSE Bug 1257173
- SUSE CVE CVE-2026-0994 page
Описание
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python's recursion stack and causing a RecursionError.
Затронутые продукты
Image SLES15-SP6-Azure-3P:python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC-Azure:python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC-BYOS-Azure:python311-protobuf-4.25.1-150600.16.16.1
Image SLES15-SP6-HPC-BYOS:python311-protobuf-4.25.1-150600.16.16.1
Ссылки
- CVE-2026-0994
- SUSE Bug 1257173