Security update for python-urllib3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2370-1 Final 1 1 2019-09-12T11:30:43Z current 2019-09-12T11:30:43Z 2019-09-12T11:30:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-urllib3 This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2019-2370,Image SLES12-SP5-Azure-Basic-On-Demand-2019-2370,Image SLES12-SP5-Azure-HPC-BYOS-2019-2370,Image SLES12-SP5-Azure-HPC-On-Demand-2019-2370,Image SLES12-SP5-Azure-SAP-BYOS-2019-2370,Image SLES12-SP5-Azure-SAP-On-Demand-2019-2370,Image SLES12-SP5-Azure-Standard-On-Demand-2019-2370,Image SLES12-SP5-EC2-BYOS-2019-2370,Image SLES12-SP5-EC2-ECS-On-Demand-2019-2370,Image SLES12-SP5-EC2-On-Demand-2019-2370,Image SLES12-SP5-EC2-SAP-BYOS-2019-2370,Image SLES12-SP5-EC2-SAP-On-Demand-2019-2370,Image SLES12-SP5-GCE-BYOS-2019-2370,Image SLES12-SP5-GCE-On-Demand-2019-2370,Image SLES12-SP5-GCE-SAP-BYOS-2019-2370,Image SLES12-SP5-GCE-SAP-On-Demand-2019-2370,Image SLES12-SP5-OCI-BYOS-BYOS-2019-2370,Image SLES12-SP5-OCI-BYOS-SAP-BYOS-2019-2370,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2019-2370,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2019-2370,SUSE-2019-2370,SUSE-SLE-Module-Public-Cloud-12-2019-2370,SUSE-SUSE-Manager-Server-3.2-2019-2370,SUSE-Storage-4-2019-2370,SUSE-Storage-5-2019-2370 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192370-1/ Link for SUSE-SU-2019:2370-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192370-1.html E-Mail link for SUSE-SU-2019:2370-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1119376 SUSE Bug 1119376 https://bugzilla.suse.com/1129071 SUSE Bug 1129071 https://bugzilla.suse.com/1132663 SUSE Bug 1132663 https://bugzilla.suse.com/1132900 SUSE Bug 1132900 https://www.suse.com/security/cve/CVE-2018-20060/ SUSE CVE CVE-2018-20060 page https://www.suse.com/security/cve/CVE-2019-11236/ SUSE CVE CVE-2019-11236 page https://www.suse.com/security/cve/CVE-2019-11324/ SUSE CVE CVE-2019-11324 page https://www.suse.com/security/cve/CVE-2019-9740/ SUSE CVE CVE-2019-9740 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-OCI-BYOS-BYOS Image SLES12-SP5-OCI-BYOS-SAP-BYOS Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Manager Server 3.2 python-urllib3-1.22-3.14.1 python3-urllib3-1.22-3.14.1 python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-BYOS python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-On-Demand python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-OCI-BYOS-BYOS python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS python3-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-OCI-BYOS-SAP-BYOS python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production python-urllib3-1.22-3.14.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production python-urllib3-1.22-3.14.1 as a component of SUSE Enterprise Storage 4 python-urllib3-1.22-3.14.1 as a component of SUSE Enterprise Storage 5 python-urllib3-1.22-3.14.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python3-urllib3-1.22-3.14.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python-urllib3-1.22-3.14.1 as a component of SUSE Manager Server 3.2 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. CVE-2018-20060 Image SLES12-SP5-Azure-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 4:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 5:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.14.1 SUSE Manager Server 3.2:python-urllib3-1.22-3.14.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192370-1/ https://www.suse.com/security/cve/CVE-2018-20060.html CVE-2018-20060 https://bugzilla.suse.com/1119376 SUSE Bug 1119376 https://bugzilla.suse.com/1216275 SUSE Bug 1216275 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Image SLES12-SP5-Azure-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 4:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 5:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.14.1 SUSE Manager Server 3.2:python-urllib3-1.22-3.14.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192370-1/ https://www.suse.com/security/cve/CVE-2019-11236.html CVE-2019-11236 https://bugzilla.suse.com/1129071 SUSE Bug 1129071 https://bugzilla.suse.com/1132663 SUSE Bug 1132663 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. CVE-2019-11324 Image SLES12-SP5-Azure-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 4:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 5:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.14.1 SUSE Manager Server 3.2:python-urllib3-1.22-3.14.1 low 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192370-1/ https://www.suse.com/security/cve/CVE-2019-11324.html CVE-2019-11324 https://bugzilla.suse.com/1132900 SUSE Bug 1132900 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVE-2019-9740 Image SLES12-SP5-Azure-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-ECS-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-EC2-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-urllib3-1.22-3.14.1 Image SLES12-SP5-GCE-SAP-On-Demand:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python-urllib3-1.22-3.14.1 Image SLES12-SP5-OCI-BYOS-SAP-BYOS:python3-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-urllib3-1.22-3.14.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 4:python-urllib3-1.22-3.14.1 SUSE Enterprise Storage 5:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.14.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.14.1 SUSE Manager Server 3.2:python-urllib3-1.22-3.14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192370-1/ https://www.suse.com/security/cve/CVE-2019-9740.html CVE-2019-9740 https://bugzilla.suse.com/1129071 SUSE Bug 1129071 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/1132663 SUSE Bug 1132663