Security update for python-urllib3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0342-1 Final 1 1 2021-02-08T16:40:14Z current 2021-02-08T16:40:14Z 2021-02-08T16:40:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-urllib3 This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-342,SUSE-OpenStack-Cloud-9-2021-342,SUSE-OpenStack-Cloud-Crowbar-9-2021-342 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210342-1/ Link for SUSE-SU-2021:0342-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008283.html E-Mail link for SUSE-SU-2021:0342-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177211 SUSE Bug 1177211 https://www.suse.com/security/cve/CVE-2020-26116/ SUSE CVE CVE-2020-26116 page SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 python-urllib3-1.23-3.18.1 python3-urllib3-1.23-3.18.1 python-urllib3-1.23-3.18.1 as a component of SUSE OpenStack Cloud 9 python-urllib3-1.23-3.18.1 as a component of SUSE OpenStack Cloud Crowbar 9 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. CVE-2020-26116 SUSE OpenStack Cloud 9:python-urllib3-1.23-3.18.1 SUSE OpenStack Cloud Crowbar 9:python-urllib3-1.23-3.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210342-1/ https://www.suse.com/security/cve/CVE-2020-26116.html CVE-2020-26116 https://bugzilla.suse.com/1177120 SUSE Bug 1177120 https://bugzilla.suse.com/1177211 SUSE Bug 1177211 https://bugzilla.suse.com/1192361 SUSE Bug 1192361