
openSUSE-SU-2024:0149-1

Published: 03 Jun 2024
Source: suse-cvrf

Description

Security update for python-python-jose

This update for python-python-jose fixes the following issues:

  • CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio (boo#1223422)

Package list

SUSE Package Hub 15 SP5
python3-python-jose-3.0.1-bp155.3.6.1
openSUSE Leap 15.5
python3-python-jose-3.0.1-bp155.3.6.1

Description

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.


Affected products
SUSE Package Hub 15 SP5:python3-python-jose-3.0.1-bp155.3.6.1
openSUSE Leap 15.5:python3-python-jose-3.0.1-bp155.3.6.1
