python3.11-urllib3-1.26.12-2.el8
エラータID: AXSA:2024-8336:02
リリース日:
2024/06/18 Tuesday - 10:52
題名:
python3.11-urllib3-1.26.12-2.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- urllib には、"Cookie" HTTP ヘッダーを特別なヘッダーとして
処理しない問題があるため、リモートの攻撃者により、"Cookie"
HTTP ヘッダーを指定した状態での HTTP リダイレクトを介して、
別のオリジンへの Cookie 情報の漏洩を可能とする脆弱性が存在
します。(CVE-2023-43804)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-urllib3-1.26.12-2.el8.src.rpm
MD5: 9d4f6137d52c3bc0e3a66b4ac1fe36de
SHA-256: a7fc48469c2bf8c34a52cff136ecc51c5fa94bc9c2a78eaa9e5572d8116ca363
Size: 276.25 kB
Asianux Server 8 for x86_64
- python3.11-urllib3-1.26.12-2.el8.noarch.rpm
MD5: 8f72ab7e2989d086c0e2947f5f67cc99
SHA-256: 8c2b66adda0c40ac1114b1a5061ab666a43011f675f39963775be9c192ec0d93
Size: 238.64 kB
English