SUSE: CVE-2023-28858: SUSE Linux Security Advisory
4
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
03/26/2023
05/15/2024
05/15/2024
07/03/2024
Description
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.
Solution(s)
- suse-upgrade-python-paramiko-doc
- suse-upgrade-python-tqdm-bash-completion
- suse-upgrade-python311-aiohttp
- suse-upgrade-python311-aiosignal
- suse-upgrade-python311-antlr4-python3-runtime
- suse-upgrade-python311-argcomplete
- suse-upgrade-python311-asgiref
- suse-upgrade-python311-async_timeout
- suse-upgrade-python311-automat
- suse-upgrade-python311-avro
- suse-upgrade-python311-blinker
- suse-upgrade-python311-chardet
- suse-upgrade-python311-constantly
- suse-upgrade-python311-decorator
- suse-upgrade-python311-deprecated
- suse-upgrade-python311-distro
- suse-upgrade-python311-docker
- suse-upgrade-python311-fabric
- suse-upgrade-python311-fakeredis
- suse-upgrade-python311-fixedint
- suse-upgrade-python311-fluidity-sm
- suse-upgrade-python311-frozenlist
- suse-upgrade-python311-httplib2
- suse-upgrade-python311-httpretty
- suse-upgrade-python311-humanfriendly
- suse-upgrade-python311-hyperlink
- suse-upgrade-python311-importlib-metadata
- suse-upgrade-python311-incremental
- suse-upgrade-python311-invoke
- suse-upgrade-python311-isodate
- suse-upgrade-python311-javaproperties
- suse-upgrade-python311-jsondiff
- suse-upgrade-python311-knack
- suse-upgrade-python311-lexicon
- suse-upgrade-python311-marshmallow
- suse-upgrade-python311-multidict
- suse-upgrade-python311-oauthlib
- suse-upgrade-python311-opencensus
- suse-upgrade-python311-opencensus-context
- suse-upgrade-python311-opencensus-ext-threading
- suse-upgrade-python311-opentelemetry-api
- suse-upgrade-python311-opentelemetry-sdk
- suse-upgrade-python311-opentelemetry-semantic-conventions
- suse-upgrade-python311-opentelemetry-test-utils
- suse-upgrade-python311-paramiko
- suse-upgrade-python311-pathspec
- suse-upgrade-python311-pip
- suse-upgrade-python311-pkginfo
- suse-upgrade-python311-portalocker
- suse-upgrade-python311-psutil
- suse-upgrade-python311-pycomposefile
- suse-upgrade-python311-pydash
- suse-upgrade-python311-pygithub
- suse-upgrade-python311-pygments
- suse-upgrade-python311-pyjwt
- suse-upgrade-python311-pyparsing
- suse-upgrade-python311-redis
- suse-upgrade-python311-requests-oauthlib
- suse-upgrade-python311-retrying
- suse-upgrade-python311-scp
- suse-upgrade-python311-semver
- suse-upgrade-python311-service_identity
- suse-upgrade-python311-sortedcontainers
- suse-upgrade-python311-sshtunnel
- suse-upgrade-python311-strictyaml
- suse-upgrade-python311-sure
- suse-upgrade-python311-tabulate
- suse-upgrade-python311-tqdm
- suse-upgrade-python311-twisted
- suse-upgrade-python311-twisted-all_non_platform
- suse-upgrade-python311-twisted-conch
- suse-upgrade-python311-twisted-conch_nacl
- suse-upgrade-python311-twisted-contextvars
- suse-upgrade-python311-twisted-http2
- suse-upgrade-python311-twisted-serial
- suse-upgrade-python311-twisted-tls
- suse-upgrade-python311-typing_extensions
- suse-upgrade-python311-vcrpy
- suse-upgrade-python311-websocket-client
- suse-upgrade-python311-wheel
- suse-upgrade-python311-wrapt
- suse-upgrade-python311-xmltodict
- suse-upgrade-python311-yarl
- suse-upgrade-python311-zipp
- suse-upgrade-python311-zope-interface
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center