Security update for httpie SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2050-1 Final 1 1 2019-09-02T10:32:39Z current 2019-09-02T10:32:39Z 2019-09-02T10:32:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for httpie This update for httpie fixes the following issues: httpie was updated to version 1.0.3: * Fix CVE-2019-10751 (HTTPie is volnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. (bsc#1148466) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2050 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html E-Mail link for openSUSE-SU-2019:2050-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1148466 SUSE Bug 1148466 https://www.suse.com/security/cve/CVE-2019-10751/ SUSE CVE CVE-2019-10751 page SUSE Package Hub 15 SP1 openSUSE Leap 15.1 python3-httpie-1.0.3-bp151.2.3.1 python3-httpie-1.0.3-bp151.2.3.1 as a component of SUSE Package Hub 15 SP1 python3-httpie-1.0.3-bp151.2.3.1 as a component of openSUSE Leap 15.1 All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. CVE-2019-10751 SUSE Package Hub 15 SP1:python3-httpie-1.0.3-bp151.2.3.1 openSUSE Leap 15.1:python3-httpie-1.0.3-bp151.2.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html https://www.suse.com/security/cve/CVE-2019-10751.html CVE-2019-10751 https://bugzilla.suse.com/1148466 SUSE Bug 1148466