Описание
Recommended update for python-requests
This update for python-requests fixes the following issue:
- Update CVE-2024-35195.patch to allow the usage of 'verify' parameter as a directory (bsc#1225912)
Список пакетов
SUSE Linux Enterprise Module for Advanced Systems Management 12
python-requests-2.11.1-6.40.1
python3-requests-2.11.1-6.40.1
SUSE Manager Client Tools 12
python-requests-2.11.1-6.40.1
python3-requests-2.11.1-6.40.1
Ссылки
- Link for SUSE-RU-2024:3599-1
- E-Mail link for SUSE-RU-2024:3599-1
- SUSE Security Ratings
- SUSE Bug 1225912
- SUSE CVE CVE-2024-35195 page
Описание
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
Затронутые продукты
SUSE Linux Enterprise Module for Advanced Systems Management 12:python-requests-2.11.1-6.40.1
SUSE Linux Enterprise Module for Advanced Systems Management 12:python3-requests-2.11.1-6.40.1
SUSE Manager Client Tools 12:python-requests-2.11.1-6.40.1
SUSE Manager Client Tools 12:python3-requests-2.11.1-6.40.1
Ссылки
- CVE-2024-35195
- SUSE Bug 1224788