openSUSE python-aiohttp Important Denial of Service Fix 2026-21098-1

opensuse
June 30, 2026
An important security update for openSUSE addresses 11 issues in python-aiohttp, enhancing protection against attacks.
An update that solves 11 vulnerabilities and has 11 bug fixes can now be installed.

Description

This update for python-aiohttp fixes the following issues:

- CVE-2026-22815: insufficient header/trailer handling can cause a denial of service (bsc#1261320).

- CVE-2026-34513: unbounded DNS cache can cause a denial of service (bsc#1261321).

- CVE-2026-34514: content_type parameter manipulation can lead to header injection (bsc#1261322).

- CVE-2026-34516: excessive multipart headers can cause a denial of service (bsc#1261329).

- CVE-2026-34517: large multipart form fields can cause a denial of service (bsc#1261331).

- CVE-2026-34518: retained Cookie and Proxy-Authorization headers during redirects can lead to information disclosure (bsc#1261332).

- CVE-2026-34519: reason parameter can be used to perform header injection (bsc#1261334).

- CVE-2026-34520: improper character handling can lead to header injection (bsc#1261335).

- CVE-2026-34525: multiple Host headers can potentially lead to security bypass (bsc#1261343).

- CVE-2026-34993: arbitrary code execution via loading untrusted...

Patch

Package List

- openSUSE Leap 16.0:

python313-aiohttp-3.11.16-160000.5.1

References

* bsc#1261320

* bsc#1261321

* bsc#1261322

* bsc#1261329

* bsc#1261331

* bsc#1261332

* bsc#1261334

* bsc#1261335

* bsc#1261343

* bsc#1267471

* bsc#1267561

References:

* https://www.suse.com/security/cve/CVE-2026-22815.html

* https://www.suse.com/security/cve/CVE-2026-34513.html

* https://www.suse.com/security/cve/CVE-2026-34514.html

* https://www.suse.com/security/cve/CVE-2026-34516.html

* https://www.suse.com/security/cve/CVE-2026-34517.html

* https://www.suse.com/security/cve/CVE-2026-34518.html

* https://www.suse.com/security/cve/CVE-2026-34519.html

* https://www.suse.com/security/cve/CVE-2026-34520.html

* https://www.suse.com/security/cve/CVE-2026-34525.html

* https://www.suse.com/security/cve/CVE-2026-34993.html

* https://www.suse.com/security/cve/CVE-2026-47265.html

Severity
important

Announcement ID: openSUSE-SU-2026:21098-1
Rating: important
Affected Products: openSUSE Leap 16.0
