MGASA-2021-0266

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0266.html

Import Source

https://advisories.mageia.org/MGASA-2021-0266.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0266

Related

CVE-2021-21419

Published

2021-06-18T19:24:28Z

Modified

2021-06-18T18:21:30Z

Summary

Updated python-eventlet packages fix security vulnerability

Details

Updated python-eventlet packages fix a security vulnerability:

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process (CVE-2021-21419).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / python-eventlet

Package

Name: python-eventlet
Purl: pkg:rpm/mageia/python-eventlet?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.24.1-1.1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / python-eventlet

Package

Name: python-eventlet
Purl: pkg:rpm/mageia/python-eventlet?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.31.0-1.mga8

Ecosystem specific

{
    "section": "core"
}