[ALSA-2024:0116] python-urllib3 security update
Severity
Moderate
Affected Packages
1
CVEs
2
python-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.
Security Fix(es):
- python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)
- urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/almalinux/python3-urllib3?arch=noarch&distro=almalinux-8.9 | < 1.24.2-5.el8_9.2 |
- ID
- ALSA-2024:0116
- Severity
- moderate
- URL
- https://errata.almalinux.org/ALSA-2024:0116.html
- Published
-
2024-01-10T00:00:00
(8 months ago) - Modified
-
2024-01-16T17:20:14
(8 months ago) - Rights
- Copyright 2024 AlmaLinux OS
- Other Advisories
-
- ALAS2-2024-2387
- ALPINE:CVE-2023-43804
- ALPINE:CVE-2023-45803
- ALSA-2023:7753
- ALSA-2024:0133
- ALSA-2024:0464
- ALSA-2024:2132
- ALSA-2024:2159
- ALSA-2024:2968
- ALSA-2024:2985
- ALSA-2024:2986
- ALSA-2024:2987
- ELSA-2023-7753
- ELSA-2024-0116
- ELSA-2024-0133
- ELSA-2024-0464
- ELSA-2024-2132
- ELSA-2024-2159
- ELSA-2024-2968
- ELSA-2024-2985
- ELSA-2024-2986
- ELSA-2024-2987
- ELSA-2024-2988
- FEDORA-2023-0806784f24
- FEDORA-2023-18f03a150d
- FEDORA-2023-8f53bfe088
- FEDORA-2023-932b0c86f4
- FEDORA-2023-dede912109
- PYSEC-2023-192
- PYSEC-2023-212
- RHSA-2023:7753
- RHSA-2024:0116
- RHSA-2024:0133
- RHSA-2024:0464
- RHSA-2024:2132
- RHSA-2024:2159
- RHSA-2024:2952
- RHSA-2024:2968
- RHSA-2024:2985
- RHSA-2024:2986
- RHSA-2024:2987
- RHSA-2024:2988
- RLSA-2024:2968
- RLSA-2024:2986
- SUSE-SU-2023:4064-1
- SUSE-SU-2023:4108-1
- SUSE-SU-2023:4157-1
- SUSE-SU-2023:4352-1
- SUSE-SU-2023:4356-1
- SUSE-SU-2023:4467-1
- SUSE-SU-2023:4468-1
- SUSE-SU-2024:2462-1
- USN-6473-1
- USN-6473-2
Source | # ID | Name | URL |
---|---|---|---|
RHSA | RHSA-2024:0116 | https://access.redhat.com/errata/RHSA-2024:0116 | |
CVE | CVE-2023-43804 | https://access.redhat.com/security/cve/CVE-2023-43804 | |
CVE | CVE-2023-45803 | https://access.redhat.com/security/cve/CVE-2023-45803 | |
Bugzilla | 2242493 | https://bugzilla.redhat.com/2242493 | |
Bugzilla | 2246840 | https://bugzilla.redhat.com/2246840 | |
Self | ALSA-2024:0116 | https://errata.almalinux.org/8/ALSA-2024-0116.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/python3-urllib3?arch=noarch&distro=almalinux-8.9 | almalinux | python3-urllib3 | < 1.24.2-5.el8_9.2 | almalinux-8.9 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |