781 matches found
Updated python-pip packages fix security vulnerabilities
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack (CVE-2019-20916). urllib3 before 1.25.9 allows CRLF...
openSUSE Security Update : python-urllib3 (openSUSE-2020-2282)
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
python-urllib3: CRLF injection via HTTP request method
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.5.27 packages and security update
Red Hat OpenShift Container Platform release 4.5.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having ...
RHEL 7 : OpenShift Container Platform 3.11.374 (RHSA-2021:0079)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0079 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 7 : OpenShift Container Platform 4.5.27 (RHSA-2021:0034)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0034 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
SUSE-SU-2020:3897-1 Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark
This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila,...
OPENSUSE-SU-2020:2282-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for python-urllib3 (moderate)
openSUSE Security Update: Security update for python-urllib3 Announcement ID: openSUSE-SU-2020:2282-1 Rating: moderate References: 1177120 Cross-References: CVE-2020-26137 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
openSUSE Security Update : python-urllib3 (openSUSE-2020-2237)
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). This update was imported from the SUSE:SLE-15-SP1:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
OPENSUSE-SU-2020:2237-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for python-urllib3 (moderate)
openSUSE Security Update: Security update for python-urllib3 Announcement ID: openSUSE-SU-2020:2237-1 Rating: moderate References: 1177120 Cross-References: CVE-2020-26137 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
SUSE-SU-2020:3723-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120)...
SUSE-SU-2020:3624-1 Security update for crowbar-openstack, grafana, influxdb, python-urllib3
This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes: Security fixes included in this update: openstack-glance - CVE-2016-8611: Added rate limiting for glance api (bnc#1005886) grafana - CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch...
python-urllib3: CRLF injection via HTTP request method
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
Ubuntu: Security Advisory (USN-4570-1)
The remote host is missing an update for the...
USN-4570-1: urllib3 vulnerability
It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
CVE-2020-26137
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...