You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke python-urllib3

Sigurnosni nedostaci programske biblioteke python-urllib3

==========================================================================
Ubuntu Security Notice USN-3990-1
May 21, 2019

python-urllib3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in urllib3.

Software Description:
– python-urllib3: HTTP library with thread-safe connection pooling for Python

Details:

It was discovered that urllib3 incorrectly removed Authorization HTTP
headers when handled cross-origin redirects. This could result in
credentials being sent to unintended hosts. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060)

It was discovered that urllib3 incorrectly stripped certain characters from
requests. A remote attacker could use this issue to perform CRLF injection.
(CVE-2019-11236)

It was discovered that urllib3 incorrectly handled situations where a
desired set of CA certificates were specified. This could result in
certificates being accepted by the default CA certificates contrary to
expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and
Ubuntu 19.04. (CVE-2019-11324)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
python-urllib3 1.24.1-1ubuntu0.1
python3-urllib3 1.24.1-1ubuntu0.1

Ubuntu 18.10:
python-urllib3 1.22-1ubuntu0.18.10.1
python3-urllib3 1.22-1ubuntu0.18.10.1

Ubuntu 18.04 LTS:
python-urllib3 1.22-1ubuntu0.18.04.1
python3-urllib3 1.22-1ubuntu0.18.04.1

Ubuntu 16.04 LTS:
python-urllib3 1.13.1-2ubuntu0.16.04.3
python3-urllib3 1.13.1-2ubuntu0.16.04.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3990-1
CVE-2018-20060, CVE-2019-11236, CVE-2019-11324

Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/1.24.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-urllib3/1.22-1ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/python-urllib3/1.22-1ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/python-urllib3/1.13.1-2ubuntu0.16.04.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzkBDMACgkQZWnYVadE
vpMV3w/+K88O2/gPO+DxwK8XljD9je708HrY0952c4zLsWW8TMLyxjVZPHQdBlFT
e8lDgaxShS7tO2sPJXgi0w1KtQcThJ25qg/xgJHtZUvOCrtbZ1DPqdw3XcDZzTFp
RqOxZDL+5oEQRYo63TCKQ53HYD3JKpZlAU54DACIf0+o88sm7KrsTMymMUwJyfrv
kFTnDnlwHmsOJRjC1bd01G189ls5d6n8OZ5SHAKq6i+GnVD8W3l0C6pgJ4J8lt0J
9oUC7UxdlMGHL0B6Oh54IbjpYUK722stV4lRk1U0TCdnodV9RYjSG5f5rhpz0fjy
/k9EdrYFu4Trml/k8T2Wcywm8n8Fs3sukqu+StK9yaA43vhoi5ED8u6vK/ndLu7w
zGxvcwsV0eAEtzYtJH7atpJ+xxtsA99wvgG0FZ2fLYzT2ZpFOdi9fHDxsYhqAtpP
nGtdf1w/pgWaOzJScWK6MxT1RXydBo5zzRL3TabSCte/HCfibMyONe3V+K3UFa9F
zq2V2w+h8wKwWf7dKINlUiM+aK0NRO1DhSnnq6k68k3BIJw+u/ZNhON2HwXXakP9
pkDeVB2LJm5CwhAMp8g9/AEAEp+ePb6zla+gkq07VcL6RIq8bEQ/5R0aunm6PM0H
7dzhoKkAPh8OFRvl0MbKIZphngxQuZ3LQGkT/R3kSWV7Cgnohfo=
=lvin
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Gradle

Otkriven je sigurnosni nedostatak u programskom paketu Gradle za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje MitM napada....

Close