openSUSE-SU-2020:2282-1

Опубликовано: 18 дек. 2020

Источник: suse-cvrf

Описание

Security update for python-urllib3

This update for python-urllib3 fixes the following issues:

CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

python2-urllib3-1.24-lp151.2.9.1

python2-urllib3-test-1.24-lp151.2.9.1

python3-urllib3-1.24-lp151.2.9.1

python3-urllib3-test-1.24-lp151.2.9.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS7J7DOJY26YMLJIUVHRH7UQFVLGBWIQ/
E-Mail link for openSUSE-SU-2020:2282-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1177120
SUSE Bug 1177120
https://www.suse.com/security/cve/CVE-2020-26137/
SUSE CVE CVE-2020-26137 page

Описание

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

Затронутые продукты

openSUSE Leap 15.1:python2-urllib3-1.24-lp151.2.9.1

openSUSE Leap 15.1:python2-urllib3-test-1.24-lp151.2.9.1

openSUSE Leap 15.1:python3-urllib3-1.24-lp151.2.9.1

openSUSE Leap 15.1:python3-urllib3-test-1.24-lp151.2.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-26137.html
CVE-2020-26137
https://bugzilla.suse.com/1177120
SUSE Bug 1177120
https://bugzilla.suse.com/1177211
SUSE Bug 1177211

openSUSE-SU-2020:2282-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-26137

Описание

Затронутые продукты

Ссылки