SUSE: CVE-2024-11168: SUSE Linux Security Advisory

SUSE: CVE-2024-11168: SUSE Linux Security Advisory

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

11/12/2024

Created

01/04/2025

Added

01/03/2025

Modified

01/14/2025

Description

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

Solution(s)

• suse-upgrade-libpython2_7-1_0
• suse-upgrade-libpython2_7-1_0-32bit
• suse-upgrade-libpython3_10-1_0
• suse-upgrade-libpython3_10-1_0-32bit
• suse-upgrade-libpython3_4m1_0
• suse-upgrade-libpython3_4m1_0-32bit
• suse-upgrade-libpython3_6m1_0
• suse-upgrade-libpython3_6m1_0-32bit
• suse-upgrade-libpython3_9-1_0
• suse-upgrade-libpython3_9-1_0-32bit
• suse-upgrade-python
• suse-upgrade-python-32bit
• suse-upgrade-python-base
• suse-upgrade-python-base-32bit
• suse-upgrade-python-curses
• suse-upgrade-python-demo
• suse-upgrade-python-devel
• suse-upgrade-python-doc
• suse-upgrade-python-doc-pdf
• suse-upgrade-python-gdbm
• suse-upgrade-python-idle
• suse-upgrade-python-tk
• suse-upgrade-python-xml
• suse-upgrade-python3
• suse-upgrade-python3-base
• suse-upgrade-python3-curses
• suse-upgrade-python3-dbm
• suse-upgrade-python3-devel
• suse-upgrade-python3-doc
• suse-upgrade-python3-doc-devhelp
• suse-upgrade-python3-idle
• suse-upgrade-python3-testsuite
• suse-upgrade-python3-tk
• suse-upgrade-python3-tools
• suse-upgrade-python310
• suse-upgrade-python310-32bit
• suse-upgrade-python310-base
• suse-upgrade-python310-base-32bit
• suse-upgrade-python310-curses
• suse-upgrade-python310-dbm
• suse-upgrade-python310-devel
• suse-upgrade-python310-doc
• suse-upgrade-python310-doc-devhelp
• suse-upgrade-python310-idle
• suse-upgrade-python310-testsuite
• suse-upgrade-python310-tk
• suse-upgrade-python310-tools
• suse-upgrade-python36
• suse-upgrade-python36-base
• suse-upgrade-python39
• suse-upgrade-python39-32bit
• suse-upgrade-python39-base
• suse-upgrade-python39-base-32bit
• suse-upgrade-python39-curses
• suse-upgrade-python39-dbm
• suse-upgrade-python39-devel
• suse-upgrade-python39-doc
• suse-upgrade-python39-doc-devhelp
• suse-upgrade-python39-idle
• suse-upgrade-python39-testsuite
• suse-upgrade-python39-tk
• suse-upgrade-python39-tools

References

• https://attackerkb.com/topics/cve-2024-11168
• CVE - 2024-11168