You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke python-urllib3

Sigurnosni nedostatak programske biblioteke python-urllib3

==========================================================================
Ubuntu Security Notice USN-4570-1
October 05, 2020

python-urllib3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

urllib3 could be used to perform a CRLF injection if it received a
specially crafted request.

Software Description:
– python-urllib3: HTTP library with thread-safe connection pooling

Details:

It was discovered that urllib3 incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform CRLF
injection.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
python3-urllib3 1.25.8-2ubuntu0.1

Ubuntu 18.04 LTS:
python-urllib3 1.22-1ubuntu0.18.04.2
python3-urllib3 1.22-1ubuntu0.18.04.2

Ubuntu 16.04 LTS:
python-urllib3 1.13.1-2ubuntu0.16.04.4
python3-urllib3 1.13.1-2ubuntu0.16.04.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4570-1
CVE-2020-26137

Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/1.25.8-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-urllib3/1.22-1ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/python-urllib3/1.13.1-2ubuntu0.16.04.4

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl97aEEACgkQZWnYVadE
vpOWNg/9H4FoNDhTz9YK5WqabmjXU5S8e3/RSnkZJdf5op339hTT8BptoAgol0Y4
Qxp1YZGlhOx/bBXIfxD6OfpfD7lec0tueGXtrN3O2WOtMgRy/7Z/02jSOXKEGLo1
g+e4mht6aKV52GIPwk3woGRtK+JKus/LPuxxpC1xIEv98dpPFTWY6LrZpGgOkl0n
/+vjhHriQEVYeqArPaUsSOfWL8YCy6rBRbbdAKuhpsqzlWUibUgi2KPhGrAVElBm
/pfwQ5ZKFPp4mSkRYmeMqLakTL+aAVJebYiOgD34aMJuWII4oDfS7sKwiMF8xxlX
yIkubNrK2Os53NQ3vt/zefeFMzC+k/G/yv7g6PV9c5F+yUS1A1Ra9D0dJ/YMAkh3
iDrXAmKTL/irslltm9kz9zUWsu5R8md0+bEIB7Od6Bsj/ec9h2xWrIUf9eHHjFVG
VjI+UJeLMLQ9OhyETuntZA6PiRzA6e9COTmfldoz8bCX4u/IwCQX42ONjc06nVnV
FuGiBNH8ro8p85RXO1d4KvHKXfxM2mwPIingpxWThHmQof1grwkC12eMl/kpEE1N
g8AHpf8FKmf3eFCADewyVRoabpZE6vJT84n2Yo1dKeSTCkXWzsvBmFhxO0cSo7iC
OSohVKzdYiCw8LKI4C8ZJuroXgYOaX4u3eP3Wcj/1NfEgDcOSKY=
=N31N
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa brotli

Otkriven je sigurnosni nedostatak u programskom paketu brotli za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close