SUSE-SU-2021:0341-1

Опубликовано: 08 фев. 2021

Источник: suse-cvrf

Описание

Security update for python-urllib3

This update for python-urllib3 fixes the following issues:

CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211).
Skip test for RECENT_DATE (bsc#1181571).

Список пакетов

Image SLES15-Azure-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-EC2-CHOST-HVM-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-EC2-HVM-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-GCE-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-OCI-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-Azure

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-Azure-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-Azure-LI-BYOS-Production

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-EC2-HVM

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-EC2-HVM-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-GCE

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-GCE-BYOS

python3-urllib3-1.22-6.12.1

Image SLES15-SAP-OCI-BYOS

python3-urllib3-1.22-6.12.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

python2-urllib3-1.22-6.12.1

python3-urllib3-1.22-6.12.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

python2-urllib3-1.22-6.12.1

python3-urllib3-1.22-6.12.1

SUSE Linux Enterprise Server 15-LTSS

python2-urllib3-1.22-6.12.1

python3-urllib3-1.22-6.12.1

SUSE Linux Enterprise Server for SAP Applications 15

python2-urllib3-1.22-6.12.1

python3-urllib3-1.22-6.12.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210341-1/
Link for SUSE-SU-2021:0341-1
https://lists.suse.com/pipermail/sle-security-updates/2021-February/008284.html
E-Mail link for SUSE-SU-2021:0341-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1177211
SUSE Bug 1177211
https://bugzilla.suse.com/1181571
SUSE Bug 1181571
https://www.suse.com/security/cve/CVE-2020-26116/
SUSE CVE CVE-2020-26116 page

Описание

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Затронутые продукты

Image SLES15-Azure-BYOS:python3-urllib3-1.22-6.12.1

Image SLES15-EC2-CHOST-HVM-BYOS:python3-urllib3-1.22-6.12.1

Image SLES15-EC2-HVM-BYOS:python3-urllib3-1.22-6.12.1

Image SLES15-GCE-BYOS:python3-urllib3-1.22-6.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-26116.html
CVE-2020-26116
https://bugzilla.suse.com/1177120
SUSE Bug 1177120
https://bugzilla.suse.com/1177211
SUSE Bug 1177211
https://bugzilla.suse.com/1192361
SUSE Bug 1192361

SUSE-SU-2021:0341-1

Описание

Список пакетов

Image SLES15-Azure-BYOS

Image SLES15-EC2-CHOST-HVM-BYOS

Image SLES15-EC2-HVM-BYOS

Image SLES15-GCE-BYOS

Image SLES15-OCI-BYOS

Image SLES15-SAP-Azure

Image SLES15-SAP-Azure-BYOS

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-Azure-VLI-BYOS-Production

Image SLES15-SAP-EC2-HVM

Image SLES15-SAP-EC2-HVM-BYOS

Image SLES15-SAP-GCE

Image SLES15-SAP-GCE-BYOS

Image SLES15-SAP-OCI-BYOS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-26116

Описание

Затронутые продукты

Ссылки