python-urllib3 security update

1.10.2-7 - Provide python2-urllib3 - Add patch for CVE-2019-11236 Resolves: rhbz1703360 1.10.2-6 - Source URL switched to HTTPS protocol - Add patch for CVE-2018-20060 Resolves: rhbz1658471...

RHEL 7 : python-urllib3 (RHSA-2019:2272)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2272 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3:...

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

Moderate: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

USN-3990-2: urllib3 vulnerability

USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...

USN-3990-2 python-urllib3 vulnerability

USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...

Amazon Linux AMI : python-urllib3 (ALAS-2019-1236)

In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2019-1236...

Medium: python-urllib3

Issue Overview: In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Affected Packages: python-urllib3 Issue Correction: Run yum update python-urllib3 or yum update --advisory ALAS-2019-1236 to update your system. New Package...

Debian: Security Advisory (DLA-1828-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1828-1] python-urllib3 security update

Package : python-urllib3 Version : 1.9.1-3+deb8u1 CVE ID : CVE-2019-11236 Debian Bug : 927172 A vulnerability was discovered in python-urllib3, an HTTP library with thread-safe connection pooling, whereby an attacker can inject CRLF characters in the request parameter. For Debian 8 "Jessie", this...

DLA-1828-1 python-urllib3 - security update

Bulletin has no description...

Amazon Linux AMI : python-urllib3 (ALAS-2019-1224)

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

[SECURITY] Fedora 29 Update: python-urllib3-1.24.3-1.fc29

Python HTTP module with connection pooling and file POST abilities...

Fedora 30 : python-urllib3 (2019-20bc611b61)

Update to v1.24.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

Fedora Update for python-urllib3 FEDORA-2019-20bc611b61

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for python-urllib3 FEDORA-2019-fbda9f1e49

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 29 : python-urllib3 (2019-fbda9f1e49)

Update to v1.24.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

[SECURITY] Fedora 30 Update: python-urllib3-1.24.3-1.fc30

Python HTTP module with connection pooling and file POST abilities...

Low: python-urllib3

Issue Overview: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...

EulerOS Virtualization for ARM 64 3.0.2.0 : python-urllib3 (EulerOS-SA-2019-1620)

According to the version of the python-urllib3 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is...