Описание
Security update for python-urllib3
This update for python-urllib3 fixes the following issues:
- CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120).
Список пакетов
Container caasp/v4/k8s-sidecar:0.1.75
python3-urllib3-1.24-9.10.1
Container ses/6/cephcsi/cephcsi:latest
python3-urllib3-1.24-9.10.1
Container ses/6/rook/ceph:latest
python3-urllib3-1.24-9.10.1
Container ses/7/cephcsi/cephcsi:latest
python3-urllib3-1.24-9.10.1
Container ses/7/rook/ceph:latest
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Azure-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Azure-HPC-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-CHOST-BYOS-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-CHOST-BYOS-EC2
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-EC2-HVM-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-GCE-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
python2-urllib3-1.24-9.10.1
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
python2-urllib3-1.24-9.10.1
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
python2-urllib3-1.24-9.10.1
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-OCI-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-Azure-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-GCE-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAP-OCI-BYOS
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAPCAL-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAPCAL-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP1-SAPCAL-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Azure-Basic
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Azure-Standard
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-BYOS-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-BYOS-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-BYOS-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-CHOST-BYOS-Aliyun
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-CHOST-BYOS-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-CHOST-BYOS-EC2
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-EC2-ECS-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-HPC-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
python2-urllib3-1.24-9.10.1
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
python2-urllib3-1.24-9.10.1
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
python2-urllib3-1.24-9.10.1
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-BYOS-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-EC2-HVM
python3-urllib3-1.24-9.10.1
Image SLES15-SP2-SAP-GCE
python3-urllib3-1.24-9.10.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python2-urllib3-1.24-9.10.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python2-urllib3-1.24-9.10.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python2-urllib3-1.24-9.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
python3-urllib3-1.24-9.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
python3-urllib3-1.24-9.10.1
SUSE Linux Enterprise Module for Python 2 15 SP1
python2-urllib3-1.24-9.10.1
SUSE Linux Enterprise Module for Python 2 15 SP2
python2-urllib3-1.24-9.10.1
Ссылки
- Link for SUSE-SU-2020:3723-1
- E-Mail link for SUSE-SU-2020:3723-1
- SUSE Security Ratings
- SUSE Bug 1177120
- SUSE CVE CVE-2020-26137 page
Описание
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Затронутые продукты
Container caasp/v4/k8s-sidecar:0.1.75:python3-urllib3-1.24-9.10.1
Container ses/6/cephcsi/cephcsi:latest:python3-urllib3-1.24-9.10.1
Container ses/6/rook/ceph:latest:python3-urllib3-1.24-9.10.1
Container ses/7/cephcsi/cephcsi:latest:python3-urllib3-1.24-9.10.1
Ссылки
- CVE-2020-26137
- SUSE Bug 1177120
- SUSE Bug 1177211