python310-fastapi-0.109.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13684-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python310-fastapi-0.109.1-1.1 on GA media These are all security issues fixed in the python310-fastapi-0.109.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-24762/ SUSE CVE CVE-2024-24762 page openSUSE Tumbleweed python310-fastapi-0.109.1-1.1 python311-fastapi-0.109.1-1.1 python312-fastapi-0.109.1-1.1 python39-fastapi-0.109.1-1.1 python310-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python311-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python312-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed python39-fastapi-0.109.1-1.1 as a component of openSUSE Tumbleweed `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7. CVE-2024-24762 openSUSE Tumbleweed:python310-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python311-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python312-fastapi-0.109.1-1.1 openSUSE Tumbleweed:python39-fastapi-0.109.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-24762.html CVE-2024-24762 https://bugzilla.suse.com/1219603 SUSE Bug 1219603