python3.11-urllib3-1.26.12-2.el9
エラータID: AXSA:2024-7978:01
リリース日:
2024/05/30 Thursday - 15:57
題名:
python3.11-urllib3-1.26.12-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- urllib には、"Cookie" HTTP ヘッダーを特別なヘッダーとして
処理しない問題があるため、リモートの攻撃者により、"Cookie"
HTTP ヘッダーを指定した状態での HTTP リダイレクトを介して、
別のオリジンへの Cookie 情報の漏洩を可能とする脆弱性が存在
します。(CVE-2023-43804)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-urllib3-1.26.12-2.el9.src.rpm
MD5: f21bcaa39e4cd5058f3e62524755c89e
SHA-256: 3c29d2f2b7b6ba83912466c0ffac14408080997290a36e2b2e1d7f30738554d5
Size: 276.44 kB
Asianux Server 9 for x86_64
- python3.11-urllib3-1.26.12-2.el9.noarch.rpm
MD5: 982723a18ef2344f584aa159d786646e
SHA-256: 8df3ca56a79e1e1d7cabdf9a2d11416fb3605197ebd60c2f62747f35c74679cb
Size: 231.44 kB