Описание
Security update for python-requests
This update for python-requests to version 2.20.1 fixes the following issues:
Security issue fixed:
- CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).
Список пакетов
Container caasp/v4/k8s-sidecar:0.1.75
python3-requests-2.20.1-6.3.2
Container ses/6/cephcsi/cephcsi:latest
python3-requests-2.20.1-6.3.2
Container ses/6/rook/ceph:latest
python3-requests-2.20.1-6.3.2
Container ses/7/ceph/ceph:latest
python3-requests-2.20.1-6.3.2
Container ses/7/cephcsi/cephcsi:latest
python3-requests-2.20.1-6.3.2
Container ses/7/rook/ceph:latest
python3-requests-2.20.1-6.3.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
python3-requests-2.20.1-6.3.2
SUSE Linux Enterprise Module for Python 2 15 SP1
python2-requests-2.20.1-6.3.2
Ссылки
- Link for SUSE-SU-2019:1487-1
- E-Mail link for SUSE-SU-2019:1487-1
- SUSE Security Ratings
- SUSE Bug 1111622
- SUSE CVE CVE-2018-18074 page
Описание
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Затронутые продукты
Container caasp/v4/k8s-sidecar:0.1.75:python3-requests-2.20.1-6.3.2
Container ses/6/cephcsi/cephcsi:latest:python3-requests-2.20.1-6.3.2
Container ses/6/rook/ceph:latest:python3-requests-2.20.1-6.3.2
Container ses/7/ceph/ceph:latest:python3-requests-2.20.1-6.3.2
Ссылки
- CVE-2018-18074
- SUSE Bug 1111622