SUSE Package Hub - openSUSE-2024-243

Update Info

openSUSE-2024-243

Security update for python-aiosmtpd

Type: security

Severity: important

Issued: 2024-08-16

Description:

This update for python-aiosmtpd fixes the following issues:

- CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted commands after STARTTLS (boo#1224467)
- CVE-2024-27305: Fixed SMTP smuggling (boo#1221328)

References

CVE: CVE-2024-34083
CVE: CVE-2024-27305
Bugzilla: 1224467 VUL-0: CVE-2024-34083: python-aiosmtpd: MiTM attack could inject extra unencrypted commands after STARTTLS
Bugzilla: 1221328 VUL-0: CVE-2024-27305: python-aiosmtpd: SMTP smuggling

Packages

python-aiosmtpd-1.2.1-bp155.3.3.1