Updated python-requests packages fix security vulnerabilities
Publication date: 09 Oct 2014Modification date: 09 Oct 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1829 , CVE-2014-1830
Description
Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file (CVE-2014-1829). It was discovered that the python-requests Proxy-Authorization header was never re-evaluated when a redirect occurs. The Proxy-Authorization header was sent to any new proxy or non-proxy destination as redirected (CVE-2014-1830).
References
SRPMS
4/core
- python-requests-2.3.0-1.mga4