This update for python-aiosmtpd fixes the following issues:
- CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted
commands after STARTTLS (boo#1224467)
- CVE-2024-27305: Fixed SMTP smuggling (boo#1221328)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-243=1
- openSUSE Backports SLE-15-SP5 (noarch):
python3-aiosmtpd-1.2.1-bp155.3.3.1
https://www.suse.com/security/cve/CVE-2024-27305.html
https://www.suse.com/security/cve/CVE-2024-34083.html
https://bugzilla.suse.com/1221328
https://bugzilla.suse.com/1224467
Get the latest Linux and open source security news straight to your inbox.