Advisories » MGASA-2019-0259

Updated python-urllib3 packages fix security vulnerability

Publication date: 06 Sep 2019
Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-11236

Description

It was discovered that urllib3 incorrectly stripped certain characters
from requests. A remote attacker could use this issue to perform CRLF
injection (CVE-2019-11236).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23880
• https://usn.ubuntu.com/3990-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236

SRPMS

7/core

• python-urllib3-1.24.3-1.mga7