openSUSE-SU-2018:0965-1

Опубликовано: 16 апр. 2018

Источник: suse-cvrf

Описание

Security update for python-gunicorn, python3-gunicorn

This update for python-gunicorn, python3-gunicorn fixes the following issues:

CVE-2018-1000164: Improper neutralization of CRLF Sequences allow tricking the server to return arbitrary HTTP headers (boo#1088613)

Список пакетов

openSUSE Leap 42.3

python-gunicorn-19.3.0-4.3.1

python-gunicorn-doc-19.3.0-4.3.1

python3-gunicorn-19.3.0-5.3.1

python3-gunicorn-doc-19.3.0-5.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-04/msg00040.html
E-Mail link for openSUSE-SU-2018:0965-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

Затронутые продукты

openSUSE Leap 42.3:python-gunicorn-19.3.0-4.3.1

openSUSE Leap 42.3:python-gunicorn-doc-19.3.0-4.3.1

openSUSE Leap 42.3:python3-gunicorn-19.3.0-5.3.1

openSUSE Leap 42.3:python3-gunicorn-doc-19.3.0-5.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000164.html
CVE-2018-1000164
https://bugzilla.suse.com/1088613
SUSE Bug 1088613

openSUSE-SU-2018:0965-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-1000164

Описание

Затронутые продукты

Ссылки