openSUSE-SU-2024:0082-1

Опубликовано: 15 мар. 2024

Источник: suse-cvrf

Описание

Security update for python-rpyc

This update for python-rpyc fixes the following issues:

CVE-2024-27758: Fixed remote code execution via exposed methods (boo#1221331).

Список пакетов

SUSE Package Hub 15 SP5

python3-rpyc-4.1.5-bp155.3.3.1

openSUSE Leap 15.5

python3-rpyc-4.1.5-bp155.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQXPI4PTGO5Y3OJPY3PCERYEYZAUX2VW/
E-Mail link for openSUSE-SU-2024:0082-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1221331
SUSE Bug 1221331
https://www.suse.com/security/cve/CVE-2024-27758/
SUSE CVE CVE-2024-27758 page

Описание

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

Затронутые продукты

SUSE Package Hub 15 SP5:python3-rpyc-4.1.5-bp155.3.3.1

openSUSE Leap 15.5:python3-rpyc-4.1.5-bp155.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27758.html
CVE-2024-27758
https://bugzilla.suse.com/1221331
SUSE Bug 1221331

openSUSE-SU-2024:0082-1

Описание

Список пакетов

SUSE Package Hub 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-27758

Описание

Затронутые продукты

Ссылки