Python libraries update (MINDBREEZE30937)

ID: MINDBREEZE30937 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 6.8 Medium  
Status: Final 
First published: July 31, 2024 
CVEs: CVE-2023-29483, CVE-2024-3651, CVE-2024-28102, CVE-2024-28219 

Summary

• dnspython: denial of service in stub resolver
• python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
• python-jwcrypto: malicious JWE token can cause denial of service
• python-pillow: buffer overflow in _imagingcms.c

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.4 Release 
• Mindbreeze InSpire SaaS 24.4 Release