Medium: python-pip

2015-06-11T08:09:00
ID ALAS-2015-541
Type amazon
Reporter Amazon
Modified 2015-06-11T08:09:00

Description

Issue Overview:

A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.

Affected Packages:

python-pip

Issue Correction:
Run yum update python-pip to update your system.

New Packages:

noarch:  
    python26-pip-6.1.1-1.20.amzn1.noarch  
    python27-pip-6.1.1-1.20.amzn1.noarch  
    python34-pip-6.1.1-1.20.amzn1.noarch

src:  
    python-pip-6.1.1-1.20.amzn1.src