Mageia Advisory: MGASA-2020-0269 - Updated python-httplib2 packages fix security vulnerability

Updated python-httplib2 packages fix security vulnerability

Publication date: 04 Jul 2020
Modification date: 04 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-11078

Description

Updated python-httplib2 packages fix security vulnerability:

In httplib2, an attacker controlling unescaped part of uri for
httplib2.Http.request() could change request headers and body, send
additional hidden requests to same server. This vulnerability impacts
software that uses httplib2 with uri constructed by string concatenation,
as opposed to proper urllib building with escaping (CVE-2020-11078).

References

https://bugs.mageia.org/show_bug.cgi?id=26750
https://www.debian.org/lts/security/2020/dla-2232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11078

SRPMS

7/core

python-httplib2-0.18.0-1.mga7

Advisories » MGASA-2020-0269

Updated python-httplib2 packages fix security vulnerability

Description

References

SRPMS

7/core