Download
| Alert*
oval:org.secpod.oval:def:1502838
The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69528 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either Pip Installs Packages or Pip Installs Python. Security Fix: * python-urllib3: Cross-host re ... oval:org.secpod.oval:def:1502839 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1601030 In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter oval:org.secpod.oval:def:66813 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either Pip Installs Packages or Pip Installs Python. Security Fix: * python-urllib3: Cross-host re ... oval:org.secpod.oval:def:1601095 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results ... oval:org.secpod.oval:def:2105039 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. oval:org.secpod.oval:def:55045 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:205468 TODO: add package description Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certificati ... oval:org.secpod.oval:def:117694 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". oval:org.secpod.oval:def:1504163 [1.10.2-7] - Provide python2-urllib3 - Add patch for CVE-2019-11236 Resolves: rhbz#1703360 [1.10.2-6] - Source URL switched to HTTPS protocol - Add patch for CVE-2018-20060 Resolves: rhbz#1658471 oval:org.secpod.oval:def:503427 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certification mishandle when error shou ... oval:org.secpod.oval:def:1504367 [9.0.3-16] - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 oval:org.secpod.oval:def:54968 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:205465 The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due ... oval:org.secpod.oval:def:503307 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence ... oval:org.secpod.oval:def:503745 The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due ... oval:org.secpod.oval:def:66482 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certification mishandle when error shou ... oval:org.secpod.oval:def:89050742 This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue . - CVE-2019-11324: Fixed invalid CA certificat verification . - CVE-2019-11236: Fixed CRLF injection via request parameter . - CVE-2018-20060: Remove Authorization header wh ... oval:org.secpod.oval:def:54969 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:66840 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix: * numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution * ... oval:org.secpod.oval:def:116737 Python HTTP module with connection pooling and file POST abilities. oval:org.secpod.oval:def:205297 The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence ... oval:org.secpod.oval:def:55058 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:116750 Python HTTP module with connection pooling and file POST abilities. oval:org.secpod.oval:def:504402 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix: * numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution * ... oval:org.secpod.oval:def:503555 TODO: add package description Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certificati ... oval:org.secpod.oval:def:503753 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python" Security Fix: * python ... oval:org.secpod.oval:def:1504251 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700300 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results ... oval:org.secpod.oval:def:1504399 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505300 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503557 The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due ... oval:org.secpod.oval:def:704956 python-urllib3: HTTP library with thread-safe connection pooling for Python Several security issues were fixed in urllib3. oval:org.secpod.oval:def:89050898 This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue . - CVE-2019-11324: Fixed invalid CA certificat verification . - CVE-2019-11236: Fixed CRLF injection via request parameter . oval:org.secpod.oval:def:1700321 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. In the urllib3 library through 1.24.1 for Python, CRLF injectio ... oval:org.secpod.oval:def:2500000 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. oval:org.secpod.oval:def:66834 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:1505317 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500105 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:69546 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... |