Описание
Security update for python-urllib3
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968).
Список пакетов
Image SLES12-SP5-Azure-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-Basic-On-Demand
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-HPC-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-SAP-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-SAP-On-Demand
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-EC2-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-EC2-ECS-On-Demand
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-EC2-On-Demand
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-EC2-SAP-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-EC2-SAP-On-Demand
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-GCE-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-GCE-On-Demand
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-GCE-SAP-BYOS
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-GCE-SAP-On-Demand
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
python-urllib3-1.25.10-3.34.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
python-urllib3-1.25.10-3.34.1
SUSE Linux Enterprise Module for Public Cloud 12
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
SUSE Linux Enterprise Server 12 SP5
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-urllib3-1.25.10-3.34.1
python3-urllib3-1.25.10-3.34.1
SUSE Linux Enterprise Software Development Kit 12 SP5
python3-urllib3-1.25.10-3.34.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python3-urllib3-1.25.10-3.34.1
Ссылки
- Link for SUSE-SU-2023:4064-1
- E-Mail link for SUSE-SU-2023:4064-1
- SUSE Security Ratings
- SUSE Bug 1215968
- SUSE CVE CVE-2023-43804 page
Описание
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:python-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-BYOS:python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-Basic-On-Demand:python3-urllib3-1.25.10-3.34.1
Image SLES12-SP5-Azure-HPC-BYOS:python-urllib3-1.25.10-3.34.1
Ссылки
- CVE-2023-43804
- SUSE Bug 1215968