RedHatRHSA-2019:3590

HistoryNov 05, 2019 - 6:04 p.m.

(RHSA-2019:3590) Moderate: python-urllib3 security update

2019-11-0518:04:56

access.redhat.com

0.004 Low

EPSS

Percentile

74.8%

JSON

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

python-urllib3: CRLF injection due to not encoding the ‘\r\n’ sequence leading to possible attack on internal service (CVE-2019-11236)
python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3-urllib3< 1.24.2-2.el8python3-urllib3-1.24.2-2.el8.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	python3-urllib3	< 1.24.2-2.el8	python3-urllib3-1.24.2-2.el8.noarch.rpm

openvas

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-1354)

2020-04-01 00:00:00

Mageia: Security Advisory (MGASA-2020-0063)

2022-01-28 00:00:00

Fedora: Security Advisory for python-pip (FEDORA-2020-d0d9ad17d8)

2020-01-27 00:00:00

fedora

[SECURITY] Fedora 30 Update: python-pip-19.0.3-6.fc30

2020-01-20 03:19:41

[SECURITY] Fedora 31 Update: python-pip-19.1.1-7.fc31

2020-01-08 11:55:39

[SECURITY] Fedora 30 Update: python-urllib3-1.24.3-1.fc30

2019-06-12 14:48:30

nessus

Amazon Linux AMI : python-pip (ALAS-2020-1340)

2020-02-10 00:00:00

EulerOS 2.0 SP8 : python-pip (EulerOS-SA-2020-1176)

2020-02-25 00:00:00

RHEL 8 : python-urllib3 (RHSA-2019:3590)

2019-11-06 00:00:00

amazon

Medium: python-pip

2020-02-04 22:44:00

Medium: python-pip

2020-02-05 16:26:00

Medium: python-urllib3

2019-07-17 23:24:00

mageia

Updated python-pip packages fix security vulnerabilities

2020-01-28 14:32:54

Updated python-urllib3 packages fix security vulnerability

2019-09-07 00:09:08

Updated python-urllib3 packages fix security vulnerability

2019-09-07 00:09:08

freebsd

urllib3 -- multiple vulnerabilities

2018-12-11 00:00:00

suse

Security update for python-urllib3 (moderate)

2019-09-15 00:00:00

Security update for python-urllib3 (moderate)

2019-09-14 00:00:00

ubuntu

urllib3 vulnerabilities

2019-05-21 00:00:00

urllib3 vulnerability

2019-07-29 00:00:00

oraclelinux

python-pip security update

2020-05-05 00:00:00

python-pip security update

2020-05-19 00:00:00

python-pip security update

2020-03-18 00:00:00

debian

[SECURITY] [DLA 2686-1] python-urllib3 security update

2021-06-15 18:34:44

[SECURITY] [DLA 1828-1] python-urllib3 security update

2019-06-20 11:32:24

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

redhat

(RHSA-2020:2068) Moderate: python-pip security update

2020-05-12 14:03:16

(RHSA-2020:1916) Moderate: python-pip security update

2020-04-28 09:30:31

(RHSA-2020:0850) Moderate: python-pip security update

2020-03-17 13:10:26

centos

python3 security update

2020-03-18 19:33:57

python security update

2019-08-30 04:04:34

python security update

2020-03-25 19:10:05

osv

python-urllib3 - security update

2021-06-15 00:00:00

Improper Certificate Validation in urllib3

2019-04-19 16:55:10

PYSEC-2019-133

2019-04-18 21:29:00

veracode

SSL Hostname Verification Bypass

2019-04-22 03:35:22

Carriage Return Line Feed (CRLF) Injection

2019-04-16 03:25:10

debiancve

CVE-2019-11324

2019-04-18 21:29:00

CVE-2019-11236

2019-04-15 15:29:00

prion

Design/Logic Flaw

2019-04-18 21:29:00

Crlf injection

2019-04-15 15:29:00

github

Improper Certificate Validation in urllib3

2019-04-19 16:55:10

Improper Neutralization of CRLF Sequences in urllib3 library for Python

2022-05-13 01:09:23

K000133448 : Python urllib3 vulnerability CVE-2019-11324

2023-04-27 00:00:00

K000135001 : Python URLlib3 vulnerability CVE-2019-11236

2023-06-12 00:00:00

ibm

Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324

2020-10-01 09:55:20

Security Bulletin: vulnerability in urllib3 library embedded into Tensorboard PowerAI CVE-2019-11324

2019-07-01 17:40:01

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2019-11236]

2024-02-29 20:49:54

nvd

CVE-2019-11324

2019-04-18 21:29:00

CVE-2019-11236

2019-04-15 15:29:00

redhatcve

CVE-2019-11324

2019-04-23 21:50:19

CVE-2019-11236

2021-07-25 09:09:28

cve

CVE-2019-11324

2019-04-18 21:29:00

CVE-2019-11236

2019-04-15 15:29:00

ubuntucve

CVE-2019-11324

2019-04-18 00:00:00

CVE-2019-11236

2019-04-15 00:00:00

cvelist

CVE-2019-11324

2019-04-18 00:00:00

CVE-2019-11236

2019-04-15 00:00:00

cbl_mariner

CVE-2019-11236 affecting package python-urllib3 1.24.2-2

2021-08-11 06:39:25

photon

Critical Photon OS Security Update - PHSA-2021-0442

2021-10-13 00:00:00

Important Photon OS Security Update - PHSA-2021-0246

2021-06-02 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0246

2021-06-02 00:00:00

almalinux

Moderate: python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

Moderate: python27:2.7 security and bug fix update

2019-11-05 17:32:12

rocky

python27:2.7 security and bug fix update

2019-11-05 17:32:12

python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

(RHSA-2019:3590) Moderate: python-urllib3 security update

Related