Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0299-1

Опубликовано: 03 фев. 2021
Источник: suse-cvrf

Описание

Security update for python-urllib3

This update for python-urllib3 fixes the following issues:

  • Raise ValueError if method contains control characters and thus prevents CRLF injection into URLs (bsc#1177211, bpo#39603, CVE-2020-26116,).

Список пакетов

Image SLES12-SP4-Azure-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-EC2-HVM-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-GCE-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-OCI-BYOS
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-Azure
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-Azure-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
python-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
python-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-EC2-HVM
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-GCE
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-GCE-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP4-SAP-OCI-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-Basic-On-Demand
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-HPC-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-SAP-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-SAP-On-Demand
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-EC2-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-EC2-ECS-On-Demand
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-EC2-On-Demand
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-EC2-SAP-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-EC2-SAP-On-Demand
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-GCE-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-GCE-On-Demand
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-GCE-SAP-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-GCE-SAP-On-Demand
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-OCI-BYOS-BYOS
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
python-urllib3-1.22-3.23.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
python-urllib3-1.22-3.23.1
SUSE Enterprise Storage 5
python-urllib3-1.22-3.23.1
SUSE Linux Enterprise Module for Public Cloud 12
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
SUSE Linux Enterprise Server 12 SP5
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-urllib3-1.22-3.23.1
python3-urllib3-1.22-3.23.1
SUSE Linux Enterprise Software Development Kit 12 SP5
python3-urllib3-1.22-3.23.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python3-urllib3-1.22-3.23.1

Ссылки

Описание

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Затронутые продукты
Image SLES12-SP4-Azure-BYOS:python-urllib3-1.22-3.23.1
Image SLES12-SP4-Azure-BYOS:python3-urllib3-1.22-3.23.1
Image SLES12-SP4-EC2-HVM-BYOS:python-urllib3-1.22-3.23.1
Image SLES12-SP4-EC2-HVM-BYOS:python3-urllib3-1.22-3.23.1
Ссылки
Уязвимость SUSE-SU-2021:0299-1