Alerts This Week
Warning Icon 1 1,123
Alerts This Week
Warning Icon 1 1,123

Fedora 40: FEDORA-2024-04ceb82dc7 moderate: python-aiohttp exploit risk

fedora
Calendar Grey November 28, 2024
Dist Fedora Esm H88
Fedora has rolled out patches for python-aiohttp addressing CVE-2024-52304, significantly improving the framework's security posture.
Security fix for CVE-2024-52304

Summary

Python HTTP client/server for asyncio which supports both the client and the

server side of the HTTP protocol, client and server websocket, and webservers

with middlewares and pluggable routing.

Update Information:

Security fix for CVE-2024-52304

Topics%20covered

Topics Covered

security advisory update Fedora security fix request smuggling python-aiohttp CVE-2024-52304

Change Log

* Tue Nov 19 2024 Benjamin A. Beasley - 3.9.5-2 - Security fix for CVE-2024-52304 (fixes RHBZ#2327154)

References


[ 1 ] Bug #2327154 - CVE-2024-52304 python-aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2327154

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-04ceb82dc7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: python-aiohttp
Product: Fedora 40
Version: 3.9.5
Release: 2.fc40
URL: https://github.com/aio-libs/aiohttp
Summary: Python HTTP client/server for asyncio

Topics%20covered

Topics Covered

security advisory update Fedora security fix request smuggling python-aiohttp CVE-2024-52304

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here