python-urllib3-1.24.2-5.el8
エラータID: AXSA:2021-1947:01
Release date:
Monday, June 14, 2021 - 04:45
Subject:
python-urllib3-1.24.2-5.el8
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.
Security Fix(es):
* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Solution:
Update packages.
CVEs:
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Additional Info:
N/A
Download:
SRPMS
- python-urllib3-1.24.2-5.el8.src.rpm
MD5: 34fd2a2bb274658c267a9c1d8fcb96cd
SHA-256: 7a0da3eeec2f0e353e5af6f5504a6bad11524672b699448b396a32f6f642d412
Size: 229.62 kB
Asianux Server 8 for x86_64
- python3-urllib3-1.24.2-5.el8.noarch.rpm
MD5: e864b7073488aabb9b8fac46bf3069a7
SHA-256: 1185dc25105658f9292f486469f4bee9be2c6949bda8cedc05921bac4e785aee
Size: 175.59 kB
日本語