Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE: 2023:0374-1 Moderate: yt-dlp MitM Threat Patch

opensuse
Calendar Grey November 18, 2023
Dist Opensuse Esm H88
A new release for yt-dlp tackles concerns, notably a moderate intensity risk of proxy code injection. Suggested measures have been provided.
An update that fixes two vulnerabilities is now available

Description

This update for yt-dlp fixes the following issues:

- Update to release 2023.11.14

* Security: [CVE-2023-46121] Patch Generic Extractor MITM Vulnerability

via Arbitrary Proxy Injection

* Disallow smuggling of arbitrary http_headers; extractors now

only use specific headers

- Make yt-dlp require the one pythonXX-yt-dlp that /usr/bin/yt-dlp was

built with.

- Rework Python build procedure [boo#1216467]

- Enable Python library [boo#1216467]

- Update to release 2023.10.13

* youtube: fix some bug with --extractor-retries inf

- Update to release 2023.10.07

* yt: Fix heatmap extraction

* yt: Raise a warning for Incomplete Data instead of an error

- Update to release 2023.09.24

* Extract subtitles from SMIL manifests

* fb: Add dash manifest URL

* crunchyroll: Remove initial state extraction

* youtube: Add player_params extractor arg

- remove suggests on brotlicffi - this is only for != cpython

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate severity security patch openSUSE mitm threat yt-dlp

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2023-374=1

Package List

- openSUSE Backports SLE-15-SP5 (noarch):

python311-yt-dlp-2023.11.14-bp155.3.3.1

yt-dlp-2023.11.14-bp155.3.3.1

yt-dlp-bash-completion-2023.11.14-bp155.3.3.1

yt-dlp-fish-completion-2023.11.14-bp155.3.3.1

yt-dlp-zsh-completion-2023.11.14-bp155.3.3.1

References

https://www.suse.com/security/cve/CVE-2023-35934.html

https://www.suse.com/security/cve/CVE-2023-46121.html

https://bugzilla.suse.com/1213124

https://bugzilla.suse.com/1216467

Announcement ID: openSUSE-SU-2023:0374-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5 .

Topics%20covered

Topics Covered

security advisory moderate severity security patch openSUSE mitm threat yt-dlp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here