python3.11-urllib3-1.26.12-2.el8
エラータID: AXSA:2024-8336:02
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.
Security Fix(es):
* python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 8.10 Release Notes linked from the References section.
CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
Update packages.
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
N/A
SRPMS
- python3.11-urllib3-1.26.12-2.el8.src.rpm
MD5: 9d4f6137d52c3bc0e3a66b4ac1fe36de
SHA-256: a7fc48469c2bf8c34a52cff136ecc51c5fa94bc9c2a78eaa9e5572d8116ca363
Size: 276.25 kB
Asianux Server 8 for x86_64
- python3.11-urllib3-1.26.12-2.el8.noarch.rpm
MD5: 8f72ab7e2989d086c0e2947f5f67cc99
SHA-256: 8c2b66adda0c40ac1114b1a5061ab666a43011f675f39963775be9c192ec0d93
Size: 238.64 kB
日本語