python311-starlette-0.47.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16443 Final 1 1 2025-07-24T00:00:00Z current 2025-07-24T00:00:00Z 2025-07-24T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python311-starlette-0.47.2-1.1 on GA media These are all security issues fixed in the python311-starlette-0.47.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16443 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-54121/ SUSE CVE CVE-2025-54121 page openSUSE Tumbleweed python311-starlette-0.47.2-1.1 python312-starlette-0.47.2-1.1 python313-starlette-0.47.2-1.1 python311-starlette-0.47.2-1.1 as a component of openSUSE Tumbleweed python312-starlette-0.47.2-1.1 as a component of openSUSE Tumbleweed python313-starlette-0.47.2-1.1 as a component of openSUSE Tumbleweed Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2. CVE-2025-54121 openSUSE Tumbleweed:python311-starlette-0.47.2-1.1 openSUSE Tumbleweed:python312-starlette-0.47.2-1.1 openSUSE Tumbleweed:python313-starlette-0.47.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-54121.html CVE-2025-54121 https://bugzilla.suse.com/1246855 SUSE Bug 1246855