SUSE-SU-2021:1807-1 Security update for python-httplib2

This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...

SUSE-SU-2021:1806-1 Security update for python-httplib2

This update for python-httplib2 fixes the following issues: - Update to version 0.19.0 bsc1182053. - CVE-2021-21240: Fixed regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body...

RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2116 advisory. A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Security Fixes: CRLF injection via an...

OPENSUSE-SU-2021:0796-1 Security update for python-httplib2

This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...

python-httplib2: Regular expression denial of service via malicious header

An uncontrolled resource consumption flaw as found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...

python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function

A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...

Security update for python-httplib2 (moderate)

openSUSE Security Update: Security update for python-httplib2 Announcement ID: openSUSE-SU-2021:0796-1 Rating: moderate References: 1171998 1182053 Cross-References: CVE-2020-11078 CVE-2021-21240 CVSS scores: CVE-2020-11078 NVD : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2020-11078 SUS...

openSUSE Security Update : python-httplib2 (openSUSE-2021-772)

This update for python-httplib2 contains the following fixes : Security fixes included in this update : - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body...

openSUSE: Security Advisory for python-httplib2 (openSUSE-SU-2021:0772-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:0772-1 Security update for python-httplib2

This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...

Security update for python-httplib2 (moderate)

openSUSE Security Update: Security update for python-httplib2 Announcement ID: openSUSE-SU-2021:0772-1 Rating: moderate References: 1171998 1182053 Cross-References: CVE-2020-11078 CVE-2021-21240 CVSS scores: CVE-2020-11078 NVD : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2020-11078 SUS...

SUSE-SU-2021:1637-1 Security update for python-httplib2

This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header bsc1182053. - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body bsc1171998...

MGASA-2021-0122 Updated python-httplib2 packages fix a security vulnerability

A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server CVE-2021-21240...

[ASA-202102-35] python-httplib2: denial of service

Arch Linux Security Advisory ASA-202102-35 ========================================== Severity: Medium Date : 2021-02-27 CVE-ID : CVE-2021-21240 Package : python-httplib2 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1546 Summary ======= The package python-httpli...

CVE-2021-21240

An uncontrolled resource consumption flaw as found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...

CentOS 8 : resource-agents (CESA-2020:4605)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4605 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus has not...

Virtuozzo 7 : fence-agents-aliyun / fence-agents-all / etc (VZLSA-2020-5003)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus...

Virtuozzo 7 : resource-agents / resource-agents-aliyun / etc (VZLSA-2020-5004)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5004 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus...

CentOS: Security Advisory for resource-agents (CESA-2020:5004)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS: Security Advisory for fence-agents-aliyun (CESA-2020:5003)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...