python-requests-2.6.0-5.el7

Errata ID: AXSA:2019-3973:01

Release date: Wednesday, August 7, 2019 - 08:09
Subject: python-requests-2.6.0-5.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

The python-requests package contains a library designed to make HTTP requests easy for developers.

Security Fix(es):

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
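
The redirect decision described in CVE-2018-18074, modelled as an added example (not code from this advisory or from the Requests project): a hostname-only comparison keeps the Authorization header on a same-hostname https-to-http redirect, while a comparison of scheme, host and port drops it. The function names, the `example.test` URLs, the token and the exemption for an http-to-https upgrade on default ports are assumptions of this sketch.

```python
from urllib.parse import urlparse

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, hostname, effective port) for a URL."""
    parts = urlparse(url)
    scheme = (parts.scheme or "").lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def hostname_only_strip(old_url, new_url):
    """Behaviour the CVE text describes: only a hostname change drops the header."""
    return origin(old_url)[1] != origin(new_url)[1]


def strict_strip(old_url, new_url):
    """Hardened check: drop the header when scheme, host or port changes."""
    old_scheme, old_host, old_port = origin(old_url)
    new_scheme, new_host, new_port = origin(new_url)
    if old_host != new_host:
        return True
    # Assumption of this sketch: an upgrade from http to https on the
    # default ports does not expose the header, so it is allowed through.
    if (old_scheme, old_port, new_scheme, new_port) == ("http", 80, "https", 443):
        return False
    return (old_scheme, old_port) != (new_scheme, new_port)


def headers_after_redirect(headers, old_url, new_url, should_strip):
    """Return the headers that would accompany the redirected request."""
    result = dict(headers)
    if should_strip(old_url, new_url):
        result.pop("Authorization", None)
    return result


# Constructed sample data, not taken from the advisory.
SAMPLE_HEADERS = {"Authorization": "Bearer constructed-token", "Accept": "*/*"}
HTTPS_URL = "https://api.example.test/v1/items"
DOWNGRADE_URL = "http://api.example.test/v1/items"

if __name__ == "__main__":
    for name, check in (("hostname-only", hostname_only_strip), ("strict", strict_strip)):
        sent = headers_after_redirect(SAMPLE_HEADERS, HTTPS_URL, DOWNGRADE_URL, check)
        print(name, "-> Authorization sent over http:", "Authorization" in sent)
```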

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-requests-2.6.0-5.el7.src.rpm
    MD5: 0df018c4df642fb9ccf8409ed71e1759
    SHA-256: d5d162c7827234eabbddef115b45e55eadbc59e9c3010783a9604c87600cd5e4
    Size: 442.13 kB

Asianux Server 7 for x86_64
  1. python-requests-2.6.0-5.el7.noarch.rpm
    MD5: 690016d4e7d4521583a429b11d210cd9
    SHA-256: 0a0d30d6a0171af191d67a95dc393dd70675637b16392ebb7b0f3d13bbcca386
    Size: 93.20 kB