SUSE-SU-2023:4909-1

MEDIUM5.4

Security update for python-aiohttp

Published Dec 19, 2023

Modified 2 years ago

Fix available

Details

Description of the patch:

This update for python-aiohttp fixes the following issues:

CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if content-length and transport-encoding are in the same header with transport-encoding value of 'chunked*' (bsc#1217174)

Affected Packages

python-aiohttp-doc

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP1SUSE Linux Enterprise High Performance Computing 15 SP2SUSE Linux Enterprise Module for Public Cloud 15 SP1

Fixed in:

3.6.0-150100.3.12.1

python3-aiohttp

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP1SUSE Linux Enterprise High Performance Computing 15 SP2

Fixed in:

3.6.0-150100.3.12.1

References

ADVISORY

https://bugzilla.suse.com/1217174

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2023-December/017488.html

ADVISORY

https://www.suse.com/security/cve/CVE-2023-47641/

WEB

https://www.suse.com/support/security/rating/

ADVISORY