SUSE-SU-2020:1792-1

Опубликовано: 26 июн. 2020

Источник: suse-cvrf

Описание

Security update for python3-requests

This update for python3-requests provides the following fix:

python-requests was updated to 2.20.1.

Update to version 2.20.1:

Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443).

Update to version 2.20.0:

Bugfixes
- Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).
- Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.
- Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)
- should_bypass_proxies now handles URIs without hostnames (e.g. files).

Update to version 2.19.1:

Fixed issue where status_codes.py’s init function failed trying to append to a doc value of None.

Update to version 2.19.0:

Improvements
- Warn about possible slowdown with cryptography version < 1.3.4
- Check host in proxy URL, before forwarding request to adapter.
- Maintain fragments properly across redirects. (RFC7231 7.1.2)
- Removed use of cgi module to expedite library load time.
- Added support for SHA-256 and SHA-512 digest auth algorithms.
- Minor performance improvement to Request.content.
Bugfixes
- Parsing empty Link headers with parse_header_links() no longer return one bogus entry.
- Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError.
- Fixed issue with unexpected ImportError on windows system which do not support winreg module.
- DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS.
- Properly normalize adapter prefixes for url comparison.
- Passing None as a file pointer to the files param no longer raises an exception.
- Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly.

Update to version 2.18.4:

Improvements
- Error messages for invalid headers now include the header name for easier debugging

Update to version 2.18.3:

Improvements
- Running $ python -m requests.help now includes the installed version of idna.
Bugfixes
- Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22.

Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail.

Список пакетов

HPE Helion OpenStack 8

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-Azure-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-EC2-HVM-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-GCE-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-OCI-BYOS

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-Azure

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-Azure-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-EC2-HVM

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-GCE

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-GCE-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP4-SAP-OCI-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-Basic-On-Demand

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-HPC-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-HPC-On-Demand

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-SAP-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-SAP-On-Demand

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-Azure-Standard-On-Demand

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-EC2-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-EC2-ECS-On-Demand

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-EC2-On-Demand

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-EC2-SAP-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-EC2-SAP-On-Demand

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-GCE-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-GCE-On-Demand

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-GCE-SAP-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-GCE-SAP-On-Demand

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-OCI-BYOS-BYOS

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

SUSE Enterprise Storage 5

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Module for Public Cloud 12

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server 12 SP2-BCL

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server 12 SP2-LTSS

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server 12 SP3-BCL

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server 12 SP3-LTSS

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server 12 SP4

python-chardet-3.0.4-5.6.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server 12 SP5

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

python-chardet-3.0.4-5.6.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Software Development Kit 12 SP5

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Linux Enterprise Workstation Extension 12 SP5

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Manager Proxy 3.2

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE Manager Server 3.2

python-certifi-2018.4.16-3.6.1

python-chardet-3.0.4-5.6.1

python-urllib3-1.22-3.20.1

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE OpenStack Cloud 7

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE OpenStack Cloud 8

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

SUSE OpenStack Cloud Crowbar 8

python3-certifi-2018.4.16-3.6.1

python3-chardet-3.0.4-5.6.1

python3-requests-2.20.1-5.2

python3-urllib3-1.22-3.20.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201792-1/
Link for SUSE-SU-2020:1792-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/007049.html
E-Mail link for SUSE-SU-2020:1792-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1054413
SUSE Bug 1054413
https://bugzilla.suse.com/1073879
SUSE Bug 1073879
https://bugzilla.suse.com/1111622
SUSE Bug 1111622
https://bugzilla.suse.com/1122668
SUSE Bug 1122668
https://bugzilla.suse.com/761500
SUSE Bug 761500
https://bugzilla.suse.com/922448
SUSE Bug 922448
https://bugzilla.suse.com/929736
SUSE Bug 929736
https://bugzilla.suse.com/935252
SUSE Bug 935252
https://bugzilla.suse.com/945455
SUSE Bug 945455
https://bugzilla.suse.com/947357
SUSE Bug 947357
https://bugzilla.suse.com/961596
SUSE Bug 961596
https://bugzilla.suse.com/967128
SUSE Bug 967128
https://www.suse.com/security/cve/CVE-2015-2296/
SUSE CVE CVE-2015-2296 page
https://www.suse.com/security/cve/CVE-2018-18074/
SUSE CVE CVE-2018-18074 page

Описание

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

Затронутые продукты

HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1

HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1

HPE Helion OpenStack 8:python3-requests-2.20.1-5.2

HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-2296.html
CVE-2015-2296
https://bugzilla.suse.com/922448
SUSE Bug 922448
https://bugzilla.suse.com/926396
SUSE Bug 926396

Описание

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Затронутые продукты

HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1

HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1

HPE Helion OpenStack 8:python3-requests-2.20.1-5.2

HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18074.html
CVE-2018-18074
https://bugzilla.suse.com/1111622
SUSE Bug 1111622

SUSE-SU-2020:1792-1

Описание

Список пакетов

HPE Helion OpenStack 8

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 5

SUSE Linux Enterprise Module for Public Cloud 12

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE Linux Enterprise Workstation Extension 12 SP5

SUSE Manager Proxy 3.2

SUSE Manager Server 3.2

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2015-2296

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-18074

Описание

Затронутые продукты

Ссылки