python3.11-urllib3-1.26.12-2.el9

Errata ID: AXSA:2024-7978:01

Release date: Thursday, May 30, 2024 - 15:57
Subject: python3.11-urllib3-1.26.12-2.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

* python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.4 Release Notes linked from the References section.

CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, a user who specifies a `Cookie` header and doesn't explicitly disable redirects can unknowingly leak information via HTTP redirects to a different origin. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
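
The redirect behaviour described above can be handled in application code by following redirects one hop at a time and dropping `Cookie` whenever the origin (scheme, host, port) changes. The following is an added example, not urllib3 code and not part of this advisory; `origin`, `headers_for_redirect`, `follow`, the `fetch` callback, the `SENSITIVE` set and the constructed `ROUTES` table are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: headers treated as credentials for this example.
SENSITIVE = frozenset({"cookie", "authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECTS = (301, 302, 303, 307, 308)

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)

def headers_for_redirect(current_url, location, headers):
    """Resolve Location and drop sensitive headers if the origin changes."""
    target = urljoin(current_url, location)
    if origin(target) == origin(current_url):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}
    return target, kept

def follow(url, headers, fetch, max_hops=5):
    """Follow redirects hop by hop.

    fetch(url, headers) -> (status, location) is supplied by the caller and
    must issue one request with automatic redirects disabled.
    Returns (final_status, trail) where trail lists (url, headers_sent).
    """
    trail = []
    for _ in range(max_hops + 1):
        trail.append((url, dict(headers)))
        status, location = fetch(url, headers)
        if status not in REDIRECTS or not location:
            return status, trail
        url, headers = headers_for_redirect(url, location, headers)
    raise RuntimeError("too many redirects")

# Constructed redirect chain: same-origin hop, then a cross-origin hop.
ROUTES = {
    "https://app.example/start": (302, "/login"),
    "https://app.example/login": (302, "https://cdn.example.net/asset"),
    "https://cdn.example.net/asset": (200, None),
}

def fake_fetch(url, headers):
    """Stand-in for a real HTTP call; looks the URL up in ROUTES."""
    return ROUTES[url]
```

With urllib3 itself, a real `fetch` would issue each request with `redirect=False` and read the status and `Location` header from the response.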

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-urllib3-1.26.12-2.el9.src.rpm
    MD5: f21bcaa39e4cd5058f3e62524755c89e
    SHA-256: 3c29d2f2b7b6ba83912466c0ffac14408080997290a36e2b2e1d7f30738554d5
    Size: 276.44 kB

Asianux Server 9 for x86_64
  1. python3.11-urllib3-1.26.12-2.el9.noarch.rpm
    MD5: 982723a18ef2344f584aa159d786646e
    SHA-256: 8df3ca56a79e1e1d7cabdf9a2d11416fb3605197ebd60c2f62747f35c74679cb
    Size: 231.44 kB