python-requests-2.6.0-5.el7
エラータID: AXSA:2019-3973:01
The python-requests package contains a library designed to make HTTP requests easy for developers.
Security Fix(es):
* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.
CVE-2018-18074
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Update packages.
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
N/A
SRPMS
- python-requests-2.6.0-5.el7.src.rpm
MD5: 0df018c4df642fb9ccf8409ed71e1759
SHA-256: d5d162c7827234eabbddef115b45e55eadbc59e9c3010783a9604c87600cd5e4
Size: 442.13 kB
Asianux Server 7 for x86_64
- python-requests-2.6.0-5.el7.noarch.rpm
MD5: 690016d4e7d4521583a429b11d210cd9
SHA-256: 0a0d30d6a0171af191d67a95dc393dd70675637b16392ebb7b0f3d13bbcca386
Size: 93.20 kB