==========================================================================
Ubuntu Security Notice USN-2382-1
October 14, 2014
requests vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
Requests could be made to expose authentication credentials over the
network.
Software Description:
– requests: elegant and simple HTTP library for Python
Details:
Jakub Wilk discovered that Requests incorrectly reused authentication
credentials after being redirected. An attacker could possibly use this
issue to obtain authentication credentials intended for another site.
(CVE-2014-1829, CVE-2014-1830)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
python-requests 2.2.1-1ubuntu0.1
python3-requests 2.2.1-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2382-1
CVE-2014-1829, CVE-2014-1830
Package Information:
https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJUPTaCAAoJEGVp2FWnRL6TxeIQAJ09UKjO/54z8y8JmGsT6iib
3n37IUzqKdkTikEfDgLQBRN9G1Njf88ep4eRO+F7V2q3COgpU5ZNUXT/P6E/Ep1W
XobInM1GgTuMIZBmoxMKM9sWbcTE/ZkkIDlb3kgfL2DNQM2LKsli4QOq3b/hsNJX
4N98Y4l4IlghEUXU2JQsGZXiVOYvVjqRPSHCTj0DNnV9cCTZ6064oWISWuqAGwyY
001m1AatIMSqqN8vOOEfiztTtyzH/4HGlE+0hZVOPD7VM7QQ4U516F0jDZ6ErkCP
FjhCHKqegSTkyfex/fDksOhuP9ZBQyyWE6b15OTgbe16ic694yr5xkNxEA0mIRbn
3A/bjImHEUDYiIihURpov5inddIghvAi8dfUPayK9tZvAPsJLzbQO1jTKQ8m04ut
I0EYFPrNv6a9Dhu+JD4phO3Zco+S78aopLQBaYUuFbYbEmXlcWmnn9pJW8hshy7J
85hXIokU7bV5B9Nl+Ob5IxaEuAwcPCt4RhuGztMIhq3ZAZB898zcxam762WdPGwa
l6kEXDe6hAAr6nhdJB5+NXTp+UTCE8VCvT8wRWFfrneIDpGnsCpUYgSkSZcPXSqA
m2d5Sz47w5Gq5ilJTSa4nK3xxPURNg40Tv9tutfJqqnzIcK5ZfM0p1QLqc3fen6V
7q0EHiDForYoK8UTr8r7
=fSRX
—–END PGP SIGNATURE—–
—