SUSE-SU-2024:4396-1

MEDIUM6.1

Security update for python-aiohttp

Published Dec 20, 2024

Modified 1 years ago

Fix available

Details

Description of the patch:

This update for python-aiohttp fixes the following issues:

CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. (bsc#1223098)

Affected Packages

python-aiohttp-doc

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2SUSE Linux Enterprise Module for Public Cloud 15 SP2SUSE Linux Enterprise Server 15 SP2SUSE Linux Enterprise Server for SAP Applications 15 SP2

Fixed in:

3.6.0-150100.3.24.1

python3-aiohttp

SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP4

Fixed in:

3.6.0-150100.3.24.1

References

ADVISORY

https://bugzilla.suse.com/1223098

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2024-December/020042.html

ADVISORY

https://www.suse.com/security/cve/CVE-2024-27306/

WEB

https://www.suse.com/support/security/rating/

ADVISORY