
SUSE-SU-2019:2332-1

Published: 09 Sep 2019
Source: suse-cvrf

Description

Security update for python-urllib3

This update for python-urllib3 fixes the following issues:

Security issues fixed:

  • CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
  • CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
  • CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).

Package list

Container caasp/v4/k8s-sidecar:0.1.75
python3-urllib3-1.24-9.4.1
Container ses/6/cephcsi/cephcsi:latest
python3-urllib3-1.24-9.4.1
Container ses/6/rook/ceph:latest
python3-urllib3-1.24-9.4.1
Container ses/7/ceph/ceph:latest
python3-urllib3-1.24-9.4.1
Container ses/7/cephcsi/cephcsi:latest
python3-urllib3-1.24-9.4.1
Container ses/7/rook/ceph:latest
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Azure-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Azure-HPC-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-CHOST-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-CHOST-BYOS-EC2
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-EC2-HVM-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-GCE-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
python2-urllib3-1.24-9.4.1
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
python2-urllib3-1.24-9.4.1
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
python2-urllib3-1.24-9.4.1
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-OCI-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-Azure-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-GCE-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAP-OCI-BYOS
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAPCAL-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAPCAL-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP1-SAPCAL-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Azure-Basic
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Azure-Standard
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-BYOS-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-BYOS-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-CAP-Deployment-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-CHOST-BYOS-Aliyun
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-CHOST-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-CHOST-BYOS-EC2
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-EC2-ECS-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-HPC-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
python2-urllib3-1.24-9.4.1
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
python2-urllib3-1.24-9.4.1
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
python2-urllib3-1.24-9.4.1
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-BYOS-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-EC2-HVM
python3-urllib3-1.24-9.4.1
Image SLES15-SP2-SAP-GCE
python3-urllib3-1.24-9.4.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python2-urllib3-1.24-9.4.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python2-urllib3-1.24-9.4.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python2-urllib3-1.24-9.4.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
python3-urllib3-1.24-9.4.1
SUSE Linux Enterprise Module for Python 2 15 SP1
python2-urllib3-1.24-9.4.1

Description

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.


Affected products
Container caasp/v4/k8s-sidecar:0.1.75:python3-urllib3-1.24-9.4.1
Container ses/6/cephcsi/cephcsi:latest:python3-urllib3-1.24-9.4.1
Container ses/6/rook/ceph:latest:python3-urllib3-1.24-9.4.1
Container ses/7/ceph/ceph:latest:python3-urllib3-1.24-9.4.1

Description

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.


Affected products
Container caasp/v4/k8s-sidecar:0.1.75:python3-urllib3-1.24-9.4.1
Container ses/6/cephcsi/cephcsi:latest:python3-urllib3-1.24-9.4.1
Container ses/6/rook/ceph:latest:python3-urllib3-1.24-9.4.1
Container ses/7/ceph/ceph:latest:python3-urllib3-1.24-9.4.1

Description

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.


Affected products
Container caasp/v4/k8s-sidecar:0.1.75:python3-urllib3-1.24-9.4.1
Container ses/6/cephcsi/cephcsi:latest:python3-urllib3-1.24-9.4.1
Container ses/6/rook/ceph:latest:python3-urllib3-1.24-9.4.1
Container ses/7/ceph/ceph:latest:python3-urllib3-1.24-9.4.1
