Security update for python-urllib3
This update for python-urllib3 fixes the following issues:
Security issues fixed:
- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).
- CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376).
This update was imported from the SUSE:SLE-15:Update update project.
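
The behaviour behind the CVE-2018-20060 fix, as an added example for callers that follow redirects themselves (this is not urllib3's or SUSE's code). The names origin, headers_for_redirect and SENSITIVE_HEADERS are hypothetical, and the sketch compares scheme, host and port, which is stricter than a host-only check.

```python
from urllib.parse import urljoin, urlsplit

# Default ports, so https://a.example and https://a.example:443 compare equal.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Headers treated as credentials in this sketch (assumption; extend as needed).
SENSITIVE_HEADERS = frozenset({"authorization"})


def origin(url):
    """Return (scheme, host, port) of an absolute URL, normalised for comparison."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(original_url, location, headers):
    """Return the headers that may be sent to the redirect target.

    `location` is the raw Location header value and may be relative.
    Credentials are forwarded only if scheme, host and port are unchanged.
    """
    target = urljoin(original_url, location)
    if origin(target) == origin(original_url):
        return dict(headers)
    return {k: v for k, v in headers.items()
            if k.lower() not in SENSITIVE_HEADERS}


if __name__ == "__main__":
    # Constructed sample request headers; the credential is a dummy value.
    sample = {"Authorization": "Basic Y29uc3RydWN0ZWQ=", "Accept": "*/*"}
    start = "https://api.example.test/v1/data"
    for loc in ("/v2/data", "https://cdn.example.net/data"):
        print(loc, "->", sorted(headers_for_redirect(start, loc, sample)))
```
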
Submitted by
Ralf Haferkamp (rhafer)
Fixed bugs
bnc#1132900
VUL-1: CVE-2019-11324: python-urllib3: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succee
bnc#1132663
VUL-1: CVE-2019-11236: python-urllib3: a CRLF injection is possible if the attacker controls the request parameter
bnc#1119376
VUL-0: CVE-2018-20060: python-urllib3: cross-host redirect does not remove Authorization header allow for credential exposure
bnc#1129071
VUL-1: CVE-2019-9740: python-urllib3: CRLF injection in urllib3