Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:1806-1

Опубликовано: 31 мая 2021
Источник: suse-cvrf

Описание

Security update for python-httplib2

This update for python-httplib2 fixes the following issues:

  • Update to version 0.19.0 (bsc#1182053).
  • CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053).
  • CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053).

Список пакетов

Container caasp/v4/k8s-sidecar:0.1.75
python3-httplib2-0.19.0-3.3.1
Container ses/6/cephcsi/cephcsi:latest
python3-httplib2-0.19.0-3.3.1
Container ses/6/rook/ceph:latest
python3-httplib2-0.19.0-3.3.1
Container ses/7.1/cephcsi/cephcsi:latest
python3-httplib2-0.19.0-3.3.1
Container ses/7.1/rook/ceph:latest
python3-httplib2-0.19.0-3.3.1
Container ses/7/cephcsi/cephcsi:latest
python3-httplib2-0.19.0-3.3.1
Container ses/7/rook/ceph:latest
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP2-SAP-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP2-SAP-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP3-SAP-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP4-SAP-BYOS
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP4-SAP-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP4-SAP-Hardened-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP5-SAP-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP5-SAP-Hardened-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP6-SAP-BYOS
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP6-SAP-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
python3-httplib2-0.19.0-3.3.1
Image SLES15-SP6-SAP-Hardened-GCE
python3-httplib2-0.19.0-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
python3-httplib2-0.19.0-3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
python3-httplib2-0.19.0-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
python2-httplib2-0.19.0-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
python2-httplib2-0.19.0-3.3.1

Ссылки

Описание

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

Затронутые продукты
Container caasp/v4/k8s-sidecar:0.1.75:python3-httplib2-0.19.0-3.3.1
Container ses/6/cephcsi/cephcsi:latest:python3-httplib2-0.19.0-3.3.1
Container ses/6/rook/ceph:latest:python3-httplib2-0.19.0-3.3.1
Container ses/7.1/cephcsi/cephcsi:latest:python3-httplib2-0.19.0-3.3.1
Ссылки

Описание

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

Затронутые продукты
Container caasp/v4/k8s-sidecar:0.1.75:python3-httplib2-0.19.0-3.3.1
Container ses/6/cephcsi/cephcsi:latest:python3-httplib2-0.19.0-3.3.1
Container ses/6/rook/ceph:latest:python3-httplib2-0.19.0-3.3.1
Container ses/7.1/cephcsi/cephcsi:latest:python3-httplib2-0.19.0-3.3.1
Ссылки
Уязвимость SUSE-SU-2021:1806-1