python311-eventlet-0.40.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16569 Final 1 1 2025-09-01T00:00:00Z current 2025-09-01T00:00:00Z 2025-09-01T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python311-eventlet-0.40.3-1.1 on GA media These are all security issues fixed in the python311-eventlet-0.40.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16569 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-58068/ SUSE CVE CVE-2025-58068 page openSUSE Tumbleweed python311-eventlet-0.40.3-1.1 python312-eventlet-0.40.3-1.1 python313-eventlet-0.40.3-1.1 python311-eventlet-0.40.3-1.1 as a component of openSUSE Tumbleweed python312-eventlet-0.40.3-1.1 as a component of openSUSE Tumbleweed python313-eventlet-0.40.3-1.1 as a component of openSUSE Tumbleweed Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers which is a breaking change if a backend behind eventlet.wsgi proxy requires trailers. A workaround involves not using eventlet.wsgi facing untrusted clients. CVE-2025-58068 openSUSE Tumbleweed:python311-eventlet-0.40.3-1.1 openSUSE Tumbleweed:python312-eventlet-0.40.3-1.1 openSUSE Tumbleweed:python313-eventlet-0.40.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-58068.html CVE-2025-58068 https://bugzilla.suse.com/1248994 SUSE Bug 1248994