SUSE-SU-2024:2879-1

Details

This update for python-urllib3 fixes the following issues:

CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)

Affected Packages

python-urllib3

SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP5SUSE Linux Enterprise Software Development Kit 12 SP5SUSE Linux Enterprise Workstation Extension 12 SP5

Fixed in:

1.25.10-3.40.1

python3-urllib3

SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP5SUSE Linux Enterprise Software Development Kit 12 SP5SUSE Linux Enterprise Workstation Extension 12 SP5

Fixed in:

1.25.10-3.40.1

References

REPORT

https://bugzilla.suse.com/1226469

WEB

https://www.suse.com/security/cve/CVE-2024-37891

ADVISORY

https://www.suse.com/support/update/announcement/2024/suse-su-20242879-1/