Summary:
python-eventlet security update
Severity: Medium
Advisory ID: KylinSec-SA-2025-2872
Release date: September 15, 2025
Related CVE: CVE-2025-58068
Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it.
Security Fix(es):
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers, which is a breaking change if a backend behind an eventlet.wsgi proxy requires trailers. A workaround is to avoid exposing eventlet.wsgi to untrusted clients. (CVE-2025-58068)
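To make the trailer handling concrete, the following added example (not Eventlet's code and not part of the original advisory) reads a chunked body, consumes the trailer section and drops it, and returns the offset at which the next request begins. The names `read_chunked`, `ChunkedError` and the `max_trailer_bytes` limit are assumptions made for the illustration.

```python
# Added example (not eventlet code): strict chunked-body reader that consumes
# the trailer section and drops it, so the next request starts at a known offset.
CRLF = b"\r\n"
HEX = b"0123456789abcdefABCDEF"


class ChunkedError(ValueError):
    """Framing is ambiguous or malformed; the connection should be closed."""


def _read_line(buf, pos):
    end = buf.find(CRLF, pos)
    if end == -1:
        raise ChunkedError("line not terminated by CRLF")
    return buf[pos:end], end + 2


def read_chunked(buf, pos=0, max_trailer_bytes=8192):
    """Return (body, next_pos); next_pos is the first byte after this message."""
    body = bytearray()
    while True:
        line, pos = _read_line(buf, pos)
        size_field = line.split(b";", 1)[0]  # ignore chunk extensions
        # Accept hex digits only: int(x, 16) alone also takes "0x", "+", "_".
        if not size_field or any(c not in HEX for c in size_field):
            raise ChunkedError("invalid chunk size")
        size = int(size_field, 16)
        if size == 0:
            break  # last-chunk reached; the trailer section follows
        if buf[pos + size:pos + size + 2] != CRLF:
            raise ChunkedError("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    # Trailer section: zero or more field lines, ended by an empty line.
    start = pos
    while True:
        line, pos = _read_line(buf, pos)
        if pos - start > max_trailer_bytes:  # assumed limit, not from the page
            raise ChunkedError("trailer section too large")
        if line == b"":
            return bytes(body), pos  # trailers were read and discarded
        if b":" not in line or line[:1] in (b" ", b"\t"):
            raise ChunkedError("malformed trailer field line")
```

A front end and a back end that both end the message at `next_pos` agree on where the following request starts; any `ChunkedError` should close the connection rather than attempt to resynchronise.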
CVE | Product | Component | Affected status |
---|---|---|---|
CVE-2025-58068 | KY3.4-5A | python-eventlet | Fixed |
Package name | Architecture | Version |
---|---|---|
python-eventlet-help | noarch | 0.30.2-3.kb1.ky3_4 |
python3-eventlet | noarch | 0.30.2-3.kb1.ky3_4 |
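Method 1: Download the package and upgrade manually
1. Download the upgrade package from the download link and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm
Method 2: Upgrade from the software repository
1. Make sure the system can reach the Internet
2. Upgrade the specified package with the yum command, e.g. yum install package-name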