openSUSE-SU-2026:20122-1

Опубликовано: 28 янв. 2026

Источник: suse-cvrf

Описание

Security update for python-h2

This update for python-h2 fixes the following issues:

CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737)

Список пакетов

openSUSE Leap 16.0

python313-h2-4.2.0-160000.3.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1248737
SUSE Bug 1248737
https://www.suse.com/security/cve/CVE-2025-57804/
SUSE CVE CVE-2025-57804 page

Описание

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

Затронутые продукты

openSUSE Leap 16.0:python313-h2-4.2.0-160000.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-57804.html
CVE-2025-57804
https://bugzilla.suse.com/1248737
SUSE Bug 1248737

openSUSE-SU-2026:20122-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2025-57804

Описание

Затронутые продукты

Ссылки