==========================================================================
Ubuntu Security Notice USN-4570-1
October 05, 2020
python-urllib3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
urllib3 could be used to perform a CRLF injection if it received a
specially crafted request.
Software Description:
– python-urllib3: HTTP library with thread-safe connection pooling
Details:
It was discovered that urllib3 incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform CRLF
injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
python3-urllib3 1.25.8-2ubuntu0.1
Ubuntu 18.04 LTS:
python-urllib3 1.22-1ubuntu0.18.04.2
python3-urllib3 1.22-1ubuntu0.18.04.2
Ubuntu 16.04 LTS:
python-urllib3 1.13.1-2ubuntu0.16.04.4
python3-urllib3 1.13.1-2ubuntu0.16.04.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4570-1
CVE-2020-26137
Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/1.25.8-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-urllib3/1.22-1ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/python-urllib3/1.13.1-2ubuntu0.16.04.4
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl97aEEACgkQZWnYVadE
vpOWNg/9H4FoNDhTz9YK5WqabmjXU5S8e3/RSnkZJdf5op339hTT8BptoAgol0Y4
Qxp1YZGlhOx/bBXIfxD6OfpfD7lec0tueGXtrN3O2WOtMgRy/7Z/02jSOXKEGLo1
g+e4mht6aKV52GIPwk3woGRtK+JKus/LPuxxpC1xIEv98dpPFTWY6LrZpGgOkl0n
/+vjhHriQEVYeqArPaUsSOfWL8YCy6rBRbbdAKuhpsqzlWUibUgi2KPhGrAVElBm
/pfwQ5ZKFPp4mSkRYmeMqLakTL+aAVJebYiOgD34aMJuWII4oDfS7sKwiMF8xxlX
yIkubNrK2Os53NQ3vt/zefeFMzC+k/G/yv7g6PV9c5F+yUS1A1Ra9D0dJ/YMAkh3
iDrXAmKTL/irslltm9kz9zUWsu5R8md0+bEIB7Od6Bsj/ec9h2xWrIUf9eHHjFVG
VjI+UJeLMLQ9OhyETuntZA6PiRzA6e9COTmfldoz8bCX4u/IwCQX42ONjc06nVnV
FuGiBNH8ro8p85RXO1d4KvHKXfxM2mwPIingpxWThHmQof1grwkC12eMl/kpEE1N
g8AHpf8FKmf3eFCADewyVRoabpZE6vJT84n2Yo1dKeSTCkXWzsvBmFhxO0cSo7iC
OSohVKzdYiCw8LKI4C8ZJuroXgYOaX4u3eP3Wcj/1NfEgDcOSKY=
=N31N
—–END PGP SIGNATURE—–
—