Описание
Security update for python-requests
This update for python-requests fixes the following issues:
- CVE-2018-18074: Fixed sending an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect (bsc#1111622)
Список пакетов
Image SLES15-Azure-BYOS
python3-requests-2.18.4-150000.3.3.1
Image SLES15-SAP-Azure-BYOS
python3-requests-2.18.4-150000.3.3.1
Image SLES15-SAP-Azure-LI-BYOS-Production
python3-requests-2.18.4-150000.3.3.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
python3-requests-2.18.4-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
python2-requests-2.18.4-150000.3.3.1
python3-requests-2.18.4-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
python2-requests-2.18.4-150000.3.3.1
python3-requests-2.18.4-150000.3.3.1
SUSE Linux Enterprise Server 15-LTSS
python2-requests-2.18.4-150000.3.3.1
python3-requests-2.18.4-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15
python2-requests-2.18.4-150000.3.3.1
python3-requests-2.18.4-150000.3.3.1
Ссылки
- Link for SUSE-SU-2022:1448-1
- E-Mail link for SUSE-SU-2022:1448-1
- SUSE Security Ratings
- SUSE Bug 1111622
- SUSE CVE CVE-2018-18074 page
Описание
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Затронутые продукты
Image SLES15-Azure-BYOS:python3-requests-2.18.4-150000.3.3.1
Image SLES15-SAP-Azure-BYOS:python3-requests-2.18.4-150000.3.3.1
Image SLES15-SAP-Azure-LI-BYOS-Production:python3-requests-2.18.4-150000.3.3.1
Image SLES15-SAP-Azure-VLI-BYOS-Production:python3-requests-2.18.4-150000.3.3.1
Ссылки
- CVE-2018-18074
- SUSE Bug 1111622