76 matches found
SUSE SLED15 / SLES15 Security Update : python-gevent (SUSE-SU-2023:4091-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4091-1 advisory. - An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the...
SUSE: Security Advisory (SUSE-SU-2023:4091-1)
The remote host is missing an update for the...
SUSE-SU-2023:4091-1 Security update for python-gevent
This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed an HTTP request smuggling issue (bsc#1215469)...
SUSE-SU-2023:4009-1 Security update for python-gevent
This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed an HTTP request smuggling issue (bsc#1215469)...
SUSE-SU-2023:3975-1 Security update for python-gevent
This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed an HTTP request smuggling issue (bsc#1215469)...
OESA-2023-1699 python-gevent security update
gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of the libev or libuv event loop. Security Fixes: An issue in Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the...
OESA-2023-1697 python-gevent security update
gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of the libev or libuv event loop. Security Fixes: An issue in Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the...
AZL-30058 CVE-2023-41419 affecting package python-gevent for versions less than 1.3.6-9
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component...
AZL-28597 CVE-2020-22217 affecting package python-gevent for versions less than 21.1.2-1
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c...
AZL-26942 CVE-2023-32067 affecting package python-gevent for versions less than 21.1.2-3
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
AZL-26941 CVE-2023-31130 affecting package python-gevent for versions less than 21.1.2-3
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain IPv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. c-ares only uses this function internally for configuration purposes which would require an administrator to...
AZL-26876 CVE-2023-31147 affecting package python-gevent for versions less than 21.1.2-3
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator i...
AZL-13828 CVE-2022-4904 affecting package python-gevent for versions less than 21.1.2-3
A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...
AZL-32282 CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...
AZL-32281 CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
python-gevent bug fix and enhancement update
An update is available for python-gevent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linu...