
Fedora 39: FEDORA-2024-f249b74f03 Critical: Aiohttp Request Smuggling

fedora
February 5, 2024
The latest release of python-aiohttp tackles significant security concerns, addressing both directory traversal and request smuggling vulnerabilities.


Summary

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing.

Update Information:

Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.3

Change Log

* Tue Jan 30 2024 Benjamin A. Beasley - 3.9.3-1
- Update to 3.9.3, security update for CVE-2024-23334 and CVE-2024-23829 (fix RHBZ#2261891, fix RHBZ#2261910)
* Tue Jan 30 2024 Benjamin A. Beasley - 3.9.1-4
- Skip a couple of spurious or insignificant test failures (close RHBZ#2261544)
* Fri Jan 26 2024 Fedora Release Engineering - 3.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 3.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2261887 - CVE-2024-23334 aiohttp: follow_symlinks directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2261887
[ 2 ] Bug #2261909 - CVE-2024-23829 python-aiohttp: http request smuggling
https://bugzilla.redhat.com/show_bug.cgi?id=2261909

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f249b74f03' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
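As an added example (not part of the Fedora advisory or of the aiohttp project's code), the following Python script scans application source for static routes that pass `follow_symlinks`, the option named in the CVE-2024-23334 bug title, so those routes can be reviewed alongside the upgrade. The sample application source, the function names and the "enabled"/"review" verdict labels are constructed for illustration; `add_static` and `web.static` are aiohttp's static-route calls.

```python
import ast

# Constructed sample application source, used only to demonstrate the scan.
SAMPLE_APP = '''
from aiohttp import web

app = web.Application()
app.router.add_static("/static", "/srv/static", follow_symlinks=True)
app.add_routes([web.static("/media", "/srv/media")])
opts = {"follow_symlinks": True}
app.router.add_static("/docs", "/srv/docs", **opts)
'''

STATIC_CALLS = {"add_static", "static"}  # router.add_static(...) and web.static(...)


def _call_name(node):
    """Return the trailing name of the called function, e.g. 'add_static'."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def find_follow_symlinks(source, filename="<app>"):
    """Return sorted (line, call, verdict) tuples for static routes to review."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or _call_name(node) not in STATIC_CALLS:
            continue
        for kw in node.keywords:
            if kw.arg is None:
                # **kwargs: the value cannot be resolved statically.
                findings.append((node.lineno, _call_name(node), "review"))
            elif kw.arg == "follow_symlinks":
                if not isinstance(kw.value, ast.Constant):
                    # Variable or expression: needs a manual look.
                    findings.append((node.lineno, _call_name(node), "review"))
                elif kw.value.value is not False:
                    findings.append((node.lineno, _call_name(node), "enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for line, call, verdict in find_follow_symlinks(SAMPLE_APP):
        print(f"line {line}: {call}() follow_symlinks {verdict}")
```

A route with no `follow_symlinks` keyword, or with it set to `False`, is not reported.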

Severity
critical

Name: python-aiohttp
Product: Fedora 39
Version: 3.9.3
Release: 1.fc39
Summary: Python HTTP client/server for asyncio
