Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0258
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0258)
Zusammenfassung:	The remote host is missing an update for the 'python-requests, python-urllib3' package(s) announced via the MGASA-2019-0258 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-requests, python-urllib3' package(s) announced via the MGASA-2019-0258 advisory. Vulnerability Insight: It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts (CVE-2018-20060). It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection (CVE-2019-11236). It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates were specified. This could result in certificates being accepted by the default CA certificates contrary to expectations (CVE-2019-11324). The python-urllib3 package has been updated to version 1.24.3 to fix these issues and other bugs. The python-requests package has been fixed to work with the updated python-urllib3 Affected Software/OS: 'python-requests, python-urllib3' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-20060 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/ https://bugzilla.redhat.com/show_bug.cgi?id=1649153 https://github.com/urllib3/urllib3/blob/master/CHANGES.rst https://github.com/urllib3/urllib3/issues/1316 https://github.com/urllib3/urllib3/pull/1346 https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html RedHat Security Advisories: RHSA-2019:2272 https://access.redhat.com/errata/RHSA-2019:2272 SuSE Security Announcement: openSUSE-SU-2019:2131 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html https://usn.ubuntu.com/3990-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-11236 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/ https://github.com/urllib3/urllib3/issues/1553 https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html RedHat Security Advisories: RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3335 RedHat Security Advisories: RHSA-2019:3590 https://access.redhat.com/errata/RHSA-2019:3590 SuSE Security Announcement: openSUSE-SU-2019:2133 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html https://usn.ubuntu.com/3990-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-11324 https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4 http://www.openwall.com/lists/oss-security/2019/04/19/1
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.