Debian Linux Security Advisory 5818-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5818-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 24, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954  
                 CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914  
                 CVE-2024-36915 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553  
                 CVE-2024-41080 CVE-2024-42322 CVE-2024-43868 CVE-2024-43904  
                 CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960  
                 CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012  
                 CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126  
                 CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229  
                 CVE-2024-50230 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234  
                 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242  
                 CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247  
                 CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50252  
                 CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259  
                 CVE-2024-50261 CVE-2024-50262 CVE-2024-50264 CVE-2024-50265  
                 CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271  
                 CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278  
                 CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283  
                 CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290  
                 CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50299  
                 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043  
                 CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057  
                 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061  
                 CVE-2024-53063 CVE-2024-53066 CVE-2024-53070 CVE-2024-53072  
                 CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.119-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdDS8lfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QwLw/+OVgV3FTBaH3iV5PLBx/mLJH6xhNQeHzzlQXnREHfueWblf9QSCjRGHkl  
3ZlIvTKIEp7K5mNjqLBzbDjRNWijJdcDPqEp8dVET9Xwvht6AOX3C/oZpIPlLKkf  
ei0vJSUVIselsK5WfndPi19gR/Y0asKUF+XK47nchELEkZX9r+Mv36yib4z2z4b8  
K0iUtpInS5krLrqHTJbo8tJZ69C7a+U12KYGhzbDFSGM39mDhKWQ/gmloxjXHu8K  
sS84Z4SwWMll1pcjfiFVeD669zUS/VHR8Y34s2pjPwqqIejDORUZbFc6FQhP+Vk6  
PJVAAPWv0n39Ag1gQ21/BQis+b2CcC9CHWuMaG6ELQ/8HmcTCQkCOwzCCPN2woMy  
mLLK2gR6hEU+zuBs4Pg7jvdAeznbCmG28WfR9FO+WO410rWc7+IL5vcbGDGUVNu2  
vIq+R6GKqUC+6maOxc78NKFuU0c09hvK6UHiTuFlFScSI1vhg8mIxSbwWEpVlDA/  
dRXWkGneZ+2/gqUBGK31X295irixsNjvjjipMB4K28WSqeaQdJh2IMgIViL05/TL  
4jJELIIpcizck336YsfY9Ylfc0lqdqumbzZnM3ifm3nGeOc6zK5bZmn5YLxju/qk  
xmj6u8WD5je+Dm8OCWWF22SPNSJ3xoaqchKKQSYwow3G1nqEqKI=  
=lqjj  
-----END PGP SIGNATURE-----

Debian Security Advisory 5818-1

Debian Linux Security Advisory 5817-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5817-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonNovember 23, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-11110 CVE-2024-11111 CVE-2024-11112 CVE-2024-11113                  CVE-2024-11114 CVE-2024-11115 CVE-2024-11116 CVE-2024-11117                  CVE-2024-11395Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 131.0.6778.85-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmdBrIQACgkQZF0CR8NudjdsBw/+J+eOgiIrU4hNq1Fk3HAontTf7sOIp3snoI5FvNnZ9oZT8qFbRJ+cfj17S2ZijYGoZKaqydWQgO/kh6eL/k7mHpM0KYLlALxaGevLxh3M4eJx8Il83YKVtx23Eh6G6YZ8itXZXb+E0f7jNRRAWb6S6OCwImk6incDq4k48IdB3zKKOzCTZQBb7vr1OaP+4kbjGgzGy9vv+iYNgE4sBHa3MOmIqZ4zcDxazK7ypw6W0M7UW6raeFI+pjK3nh4rjgy/UpK0u+wpRprif53rC7D5qP9vRO7wnRajw2pUoovFl+1bnpi8njwK3JbZom5ARWozEtT2nfef1nmtyXUQ5bjcKlQTW5kxrqMNwXyzCxB3N7ln1l09ubaA7TdYj0TxNQiNimeGnTULrkMTKcs1d077dZZ6XTZAUrwVZiJn8V4QxaCW3Ype7hgPsd/edRJMZT5G+J2vB86WBmKt0FyKD2fmRUuq2DGqCnbd3+5A/3krQBcwgHXAHyxkJpLWNs1bdcRlOac6BKe1N7oZeJKtofhfwRrmhilDCM85Q4OcxOY2VeSuxMEPtw6hAUoYwiuhUS4hT2DUmevPu/XtkoNE/X0WoJ9cN+hlOxqfjzhXlcyJiGk36BYKhE+KJvUsOfB5N8TqUEzGGbvOyXDy7QGsCUZJ+BwjOGKFh45L0Nb4dexvsL4==J21V-----END PGP SIGNATURE-----

Debian Security Advisory 5817-1

Red Hat Security Advisory 2024-9991-03 - An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9991.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security updateAdvisory ID:        RHSA-2024:9991-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9991Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-8007====================================================================Summary: An update for openstack-tripleo-common and python-tripleoclient is nowavailable for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Python library for code used by TripleO projectsa Python TripleOClient for Openstack DirectorSecurity Fix(es):* RHOSP Director Disables TLS Verification for Registry Mirrors(CVE-2024-8007)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-8007References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2258093https://bugzilla.redhat.com/show_bug.cgi?id=2294406https://bugzilla.redhat.com/show_bug.cgi?id=2305975

Red Hat Security Advisory 2024-9991-03

Red Hat Security Advisory 2024-9990-03 - An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9990.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security updateAdvisory ID:        RHSA-2024:9990-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9990Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-8007====================================================================Summary: An update for openstack-tripleo-common and python-tripleoclient is nowavailable for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Python library for code used by TripleO projectsa Python TripleOClient for Openstack DirectorSecurity Fix(es):* RHOSP Director Disables TLS Verification for Registry Mirrors(CVE-2024-8007)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-8007References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2213408https://bugzilla.redhat.com/show_bug.cgi?id=2251692https://bugzilla.redhat.com/show_bug.cgi?id=2259470https://bugzilla.redhat.com/show_bug.cgi?id=2272202https://bugzilla.redhat.com/show_bug.cgi?id=2279328https://bugzilla.redhat.com/show_bug.cgi?id=2292699https://bugzilla.redhat.com/show_bug.cgi?id=2295391https://bugzilla.redhat.com/show_bug.cgi?id=2301634https://bugzilla.redhat.com/show_bug.cgi?id=2303654https://bugzilla.redhat.com/show_bug.cgi?id=2305975https://bugzilla.redhat.com/show_bug.cgi?id=2307955https://bugzilla.redhat.com/show_bug.cgi?id=2308677https://bugzilla.redhat.com/show_bug.cgi?id=2320103

Red Hat Security Advisory 2024-9990-03

Red Hat Security Advisory 2024-9989-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9989.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (python-webob) security updateAdvisory ID:        RHSA-2024:9989-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9989Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-42353====================================================================Summary: An update for python-webob is now available for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:WebOb provides wrappers around the WSGI request environment, and an objectto help create WSGI responses. The objects map much of the specifiedbehavior of HTTP, including header parsing and accessors for other standardparts of the environment.Security Fix(es):* WebOb's location header normalization during redirect leads to openredirect (CVE-2024-42353)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-42353References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2024-9989-03

Red Hat Security Advisory 2024-9988-03 - An update for python-requests is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9988.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (python-requests) security updateAdvisory ID:        RHSA-2024:9988-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9988Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-35195====================================================================Summary: An update for python-requests is now available for Red Hat OpenStackPlatform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Most existing Python modules for sending HTTP requests are extremelyverbose and cumbersome. Python’s built-in urllib2 module provides most ofthe HTTP capabilities you should need, but the API is thoroughly broken.This library is designed to make HTTP requests easy for developers.Security Fix(es):* subsequent requests to the same host ignore cert verification(CVE-2024-35195)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-35195References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2282114

Red Hat Security Advisory 2024-9988-03

Red Hat Security Advisory 2024-9986-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9986.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (python-sqlparse) security updateAdvisory ID:        RHSA-2024:9986-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9986Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-4340====================================================================Summary: An update for python-sqlparse is now available for Red Hat OpenStackPlatform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:sqlparse is a tool for parsing SQL stringsSecurity Fix(es):* parsing heavily nested list leads to denial of service (CVE-2024-4340)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4340References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2278038

Red Hat Security Advisory 2024-9986-03

Red Hat Security Advisory 2024-9985-03 - An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9985.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (python-urllib3) security updateAdvisory ID:        RHSA-2024:9985-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9985Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python-urllib3 is now available for Red Hat OpenStackPlatform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* proxy-authorization request header is not stripped during cross-originredirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-9985-03

Red Hat Security Advisory 2024-9984-03 - An update for python-sqlparse is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9984.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (python-sqlparse) security updateAdvisory ID:        RHSA-2024:9984-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9984Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-4340====================================================================Summary: An update for python-sqlparse is now available for Red Hat OpenStackPlatform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:sqlparse is a tool for parsing SQL stringsSecurity Fix(es):* parsing heavily nested list leads to denial of service (CVE-2024-4340)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-4340References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2278038

Red Hat Security Advisory 2024-9984-03

Red Hat Security Advisory 2024-9983-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9983.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: RHOSP 17.1.4 (python-webob) security updateAdvisory ID:        RHSA-2024:9983-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9983Issue date:         2024-11-25Revision:           03CVE Names:          CVE-2024-42353====================================================================Summary: An update for python-webob is now available for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:WebOb provides wrappers around the WSGI request environment, and an objectto help create WSGI responses. The objects map much of the specifiedbehavior of HTTP, including header parsing and accessors for other standardparts of the environment.Security Fix(es):* WebOb's location header normalization during redirect leads to openredirect (CVE-2024-42353)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-42353References:https://access.redhat.com/security/updates/classification/#moderate

Tag

#js