openSUSE-SU-2019:1754-1

Опубликовано: 20 июл. 2019

Источник: suse-cvrf

Описание

Security update for python-requests

This update for python-requests to version 2.20.1 fixes the following issues:

Security issue fixed:

CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

python2-requests-2.20.1-lp151.2.3.1

python2-requests-test-2.20.1-lp151.2.3.1

python3-requests-2.20.1-lp151.2.3.1

python3-requests-test-2.20.1-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MP4YZMRNZWWKOM2PEZWI5CN25N5QCYGS/#MP4YZMRNZWWKOM2PEZWI5CN25N5QCYGS
E-Mail link for openSUSE-SU-2019:1754-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1111622
SUSE Bug 1111622
https://www.suse.com/security/cve/CVE-2018-18074/
SUSE CVE CVE-2018-18074 page

Описание

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Затронутые продукты

openSUSE Leap 15.1:python2-requests-2.20.1-lp151.2.3.1

openSUSE Leap 15.1:python2-requests-test-2.20.1-lp151.2.3.1

openSUSE Leap 15.1:python3-requests-2.20.1-lp151.2.3.1

openSUSE Leap 15.1:python3-requests-test-2.20.1-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18074.html
CVE-2018-18074
https://bugzilla.suse.com/1111622
SUSE Bug 1111622

openSUSE-SU-2019:1754-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2018-18074

Описание

Затронутые продукты

Ссылки