Description
Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
This patch updates the Python AWS SDK stack in SLE 15:
General:
aws-cli
- Version updated to upstream release v1.19.9. For a detailed list of all changes, please refer to the changelog file of this package.
python-boto3
- Version updated to upstream release 1.17.9. For a detailed list of all changes, please refer to the changelog file of this package.
python-botocore
- Version updated to upstream release 1.20.9. For a detailed list of all changes, please refer to the changelog file of this package.
python-urllib3
- Version updated to upstream release 1.25.10. For a detailed list of all changes, please refer to the changelog file of this package.
python-service_identity
- Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0
python-trustme
- Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0
Security fixes:
python-urllib3:
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
Package list
openSUSE Leap 15.3
aws-cli-1.19.9-26.1
python2-asn1crypto-0.24.0-3.2.1
python2-boto3-1.17.9-19.1
python2-botocore-1.20.9-33.1
python2-cffi-1.13.2-3.2.5
python2-cryptography-2.8-10.1
python2-pyasn1-0.4.2-3.2.1
python2-pycparser-2.17-3.2.1
python2-urllib3-1.25.10-9.14.1
python3-asn1crypto-0.24.0-3.2.1
python3-boto3-1.17.9-19.1
python3-botocore-1.20.9-33.1
python3-cffi-1.13.2-3.2.5
python3-cryptography-2.8-10.1
python3-pyasn1-0.4.2-3.2.1
python3-pycparser-2.17-3.2.1
References
- E-Mail link for openSUSE-SU-2021:2817-1
- SUSE Security Ratings
- SUSE Bug 1102408
- SUSE Bug 1138715
- SUSE Bug 1138746
- SUSE Bug 1176389
- SUSE Bug 1177120
- SUSE Bug 1182421
- SUSE Bug 1182422
- SUSE CVE CVE-2020-26137 page
Description
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Affected products
openSUSE Leap 15.3:aws-cli-1.19.9-26.1
openSUSE Leap 15.3:python2-asn1crypto-0.24.0-3.2.1
openSUSE Leap 15.3:python2-boto3-1.17.9-19.1
openSUSE Leap 15.3:python2-botocore-1.20.9-33.1
References
- CVE-2020-26137
- SUSE Bug 1177120
- SUSE Bug 1177211