SUSE-SU-2024:4110-1

MEDIUM5.3

Security update for python-aiohttp

Published Nov 29, 2024

Modified 1 years ago

Fix available

Details

Description of the patch:

This update for python-aiohttp fixes the following issues:

CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)

Affected Packages

python-aiohttp-doc

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2SUSE Linux Enterprise Module for Public Cloud 15 SP2SUSE Linux Enterprise Server 15 SP2SUSE Linux Enterprise Server for SAP Applications 15 SP2

Fixed in:

3.6.0-150100.3.18.1

python3-aiohttp

SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP4

Fixed in:

3.6.0-150100.3.18.1

References

ADVISORY

https://bugzilla.suse.com/1233447

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2024-November/019875.html

ADVISORY

https://www.suse.com/security/cve/CVE-2024-52304/

WEB

https://www.suse.com/support/security/rating/

ADVISORY