SUSE: 2024:0912-2 Critical: OpenSSL Remote Vulnerability Patch
suse
February 21, 2024
* bsc#1217174 * bsc#1217181 * bsc#1217782 * bsc#1219341 * bsc#1219342
Summary
## This update for python-aiohttp, python-time-machine fixes the following issues: python-aiohttp was updated to version 3.9.3: * Fixed backwards compatibility breakage (in 3.9.2) of `ssl` parameter when set outside of `ClientSession` (e.g. directly in `TCPConnector`) * Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures. From version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829): * Fixed server-side websocket connection leak. * Fixed `web.FileResponse` doing blocking I/O in the event loop. * Fixed double compress when compression enabled and compressed file exists in server file responses. * Added runtime type check for `ClientSession` `timeout` parameter.
References
* bsc#1217174
* bsc#1217181
* bsc#1217782
* bsc#1219341
* bsc#1219342
Cross-
* CVE-2023-47627
* CVE-2023-47641
* CVE-2024-23334
* CVE-2024-23829
CVSS scores:
* CVE-2023-47627 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-47627 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-47641 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-47641 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-23334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23334 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23829 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2024:0577-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!