Lucene search

K
suseSuseOPENSUSE-SU-2021:0772-1
HistoryMay 23, 2021 - 12:00 a.m.

Security update for python-httplib2 (moderate)

2021-05-2300:00:00
lists.opensuse.org
18
python-httplib2
security update
cve-2021-21240
cve-2020-11078
sle 0.19.0
regular expression
denial of service
request headers
body
bug fix
crlf injection
proxy
cache invalidation
tls
python3 support
security vulnerability
http(s) connection
digicert global root g2

EPSS

0.005

Percentile

76.1%

An update that fixes two vulnerabilities is now available.

Description:

This update for python-httplib2 contains the following fixes:

Security fixes included in this update:

  • CVE-2021-21240: Fixed a regular expression denial of service via
    malicious header (bsc#1182053).
  • CVE-2020-11078: Fixed an issue where an attacker could change request
    headers and body (bsc#1171998).

Non security fixes included in this update:

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-772=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm