SUSE-SU-2022:1819-1

Опубликовано: 23 мая 2022

Источник: suse-cvrf

Описание

Security update for python-requests

This update for python-requests fixes the following issues:

CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622)

Список пакетов

HPE Helion OpenStack 8

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise High Availability Extension 12 SP3

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise High Availability Extension 12 SP4

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Module for Advanced Systems Management 12

python-requests-2.11.1-6.31.1

python3-requests-2.11.1-6.31.1

SUSE Linux Enterprise Server 12 SP2-BCL

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Server 12 SP3-BCL

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Server 12 SP3-LTSS

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Server 12 SP4-LTSS

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

python-requests-2.11.1-6.31.1

SUSE Manager Client Tools 12

python-requests-2.11.1-6.31.1

python3-requests-2.11.1-6.31.1

SUSE OpenStack Cloud 8

python-requests-2.11.1-6.31.1

SUSE OpenStack Cloud 9

python-requests-2.11.1-6.31.1

SUSE OpenStack Cloud Crowbar 8

python-requests-2.11.1-6.31.1

SUSE OpenStack Cloud Crowbar 9

python-requests-2.11.1-6.31.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221819-1/
Link for SUSE-SU-2022:1819-1
https://lists.suse.com/pipermail/sle-security-updates/2022-May/011137.html
E-Mail link for SUSE-SU-2022:1819-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1111622
SUSE Bug 1111622
https://www.suse.com/security/cve/CVE-2018-18074/
SUSE CVE CVE-2018-18074 page

Описание

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Затронутые продукты

HPE Helion OpenStack 8:python-requests-2.11.1-6.31.1

SUSE Linux Enterprise High Availability Extension 12 SP3:python-requests-2.11.1-6.31.1

SUSE Linux Enterprise High Availability Extension 12 SP4:python-requests-2.11.1-6.31.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:python-requests-2.11.1-6.31.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18074.html
CVE-2018-18074
https://bugzilla.suse.com/1111622
SUSE Bug 1111622

SUSE-SU-2022:1819-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Linux Enterprise High Availability Extension 12 SP3

SUSE Linux Enterprise High Availability Extension 12 SP4

SUSE Linux Enterprise Module for Advanced Systems Management 12

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Manager Client Tools 12

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2018-18074

Описание

Затронутые продукты

Ссылки