Security update for python-requests SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1487-2 Final 1 1 2019-06-13T07:40:56Z current 2019-06-13T07:40:56Z 2019-06-13T07:40:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-requests This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/k8s-sidecar:0.1.75-2019-1487,Container ses/6/cephcsi/cephcsi:latest-2019-1487,Container ses/6/rook/ceph:latest-2019-1487,Container ses/7/ceph/ceph:latest-2019-1487,Container ses/7/cephcsi/cephcsi:latest-2019-1487,Container ses/7/rook/ceph:latest-2019-1487,SUSE-2019-1487,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1487 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191487-2/ Link for SUSE-SU-2019:1487-2 https://lists.suse.com/pipermail/sle-security-updates/2019-October/006000.html E-Mail link for SUSE-SU-2019:1487-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1111622 SUSE Bug 1111622 https://www.suse.com/security/cve/CVE-2018-18074/ SUSE CVE CVE-2018-18074 page Container caasp/v4/k8s-sidecar:0.1.75 Container ses/6/cephcsi/cephcsi:latest Container ses/6/rook/ceph:latest Container ses/7/ceph/ceph:latest Container ses/7/cephcsi/cephcsi:latest Container ses/7/rook/ceph:latest python3-requests-2.20.1-6.3.2 python2-requests-2.20.1-6.3.2 python2-requests-test-2.20.1-6.3.2 python3-requests-test-2.20.1-6.3.2 python3-requests-2.20.1-6.3.2 as a component of Container caasp/v4/k8s-sidecar:0.1.75 python3-requests-2.20.1-6.3.2 as a component of Container ses/6/cephcsi/cephcsi:latest python3-requests-2.20.1-6.3.2 as a component of Container ses/6/rook/ceph:latest python3-requests-2.20.1-6.3.2 as a component of Container ses/7/ceph/ceph:latest python3-requests-2.20.1-6.3.2 as a component of Container ses/7/cephcsi/cephcsi:latest python3-requests-2.20.1-6.3.2 as a component of Container ses/7/rook/ceph:latest The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074 Container caasp/v4/k8s-sidecar:0.1.75:python3-requests-2.20.1-6.3.2 Container ses/6/cephcsi/cephcsi:latest:python3-requests-2.20.1-6.3.2 Container ses/6/rook/ceph:latest:python3-requests-2.20.1-6.3.2 Container ses/7/ceph/ceph:latest:python3-requests-2.20.1-6.3.2 Container ses/7/cephcsi/cephcsi:latest:python3-requests-2.20.1-6.3.2 Container ses/7/rook/ceph:latest:python3-requests-2.20.1-6.3.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191487-2/ https://www.suse.com/security/cve/CVE-2018-18074.html CVE-2018-18074 https://bugzilla.suse.com/1111622 SUSE Bug 1111622