Advisories ยป MGASA-2014-0409

Updated python-requests packages fix security vulnerabilities

Publication date: 09 Oct 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1829 , CVE-2014-1830


Updated python-requests packages fix security vulnerability:

Python-requests was found to have a vulnerability, where the attacker can
retrieve the passwords from ~/.netrc file through redirect requests, if the
user has their passwords stored in the ~/.netrc file (CVE-2014-1829).

It was discovered that the python-requests Proxy-Authorization header was
never re-evaluated when a redirect occurs. The Proxy-Authorization header
was sent to any new proxy or non-proxy destination as redirected