Overview

File _patchinfo of Package patchinfo.36838

<patchinfo incident="36838">
  <issue tracker="cve" id="2024-7246"/>
  <issue tracker="cve" id="2024-11407"/>
  <issue tracker="bnc" id="1228919">VUL-0: CVE-2024-7246: grpc, python-grpcio: gRPC clients communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend</issue>
  <issue tracker="bnc" id="1233821">VUL-0: CVE-2024-11407: grpc, python-grpcio: servers with transmit zero copy enabled through GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for grpc</summary>
  <description>This update for grpc fixes the following issues:

- CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919)
- CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places