openSUSE-SU-2021:2012-1

Опубликовано: 10 июл. 2021

Источник: suse-cvrf

Описание

Security update for python-urllib3

This update for python-urllib3 fixes the following issues:

CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045)

Список пакетов

openSUSE Leap 15.3

python3-urllib3-1.25.10-4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NYARUF6IH56FOIKBV7PTO7AXODL5GKNT/
E-Mail link for openSUSE-SU-2021:2012-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1187045
SUSE Bug 1187045
https://www.suse.com/security/cve/CVE-2021-33503/
SUSE CVE CVE-2021-33503 page

Описание

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Затронутые продукты

openSUSE Leap 15.3:python3-urllib3-1.25.10-4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-33503.html
CVE-2021-33503
https://bugzilla.suse.com/1187045
SUSE Bug 1187045

openSUSE-SU-2021:2012-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-33503

Описание

Затронутые продукты

Ссылки