Security update for python-requests SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:1819-1 Final 1 1 2022-05-23T13:19:36Z current 2022-05-23T13:19:36Z 2022-05-23T13:19:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-requests This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2022-1819,SUSE-2022-1819,SUSE-OpenStack-Cloud-8-2022-1819,SUSE-OpenStack-Cloud-9-2022-1819,SUSE-OpenStack-Cloud-Crowbar-8-2022-1819,SUSE-OpenStack-Cloud-Crowbar-9-2022-1819,SUSE-SLE-HA-12-SP3-2022-1819,SUSE-SLE-HA-12-SP4-2022-1819,SUSE-SLE-Manager-Tools-12-2022-1819,SUSE-SLE-Module-Adv-Systems-Management-12-2022-1819,SUSE-SLE-SAP-12-SP3-2022-1819,SUSE-SLE-SAP-12-SP4-2022-1819,SUSE-SLE-SERVER-12-SP2-BCL-2022-1819,SUSE-SLE-SERVER-12-SP3-2022-1819,SUSE-SLE-SERVER-12-SP3-BCL-2022-1819,SUSE-SLE-SERVER-12-SP4-LTSS-2022-1819 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20221819-1/ Link for SUSE-SU-2022:1819-1 https://lists.suse.com/pipermail/sle-security-updates/2022-May/011137.html E-Mail link for SUSE-SU-2022:1819-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1111622 SUSE Bug 1111622 https://www.suse.com/security/cve/CVE-2018-18074/ SUSE CVE CVE-2018-18074 page HPE Helion OpenStack 8 SUSE Linux Enterprise High Availability Extension 12 SP3 SUSE Linux Enterprise High Availability Extension 12 SP4 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Manager Tools 12 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 python-requests-2.11.1-6.31.1 python3-requests-2.11.1-6.31.1 python-requests-2.11.1-6.31.1 as a component of HPE Helion OpenStack 8 python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP3 python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP4 python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 python3-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 python-requests-2.11.1-6.31.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 python-requests-2.11.1-6.31.1 as a component of SUSE Manager Tools 12 python3-requests-2.11.1-6.31.1 as a component of SUSE Manager Tools 12 python-requests-2.11.1-6.31.1 as a component of SUSE OpenStack Cloud 8 python-requests-2.11.1-6.31.1 as a component of SUSE OpenStack Cloud 9 python-requests-2.11.1-6.31.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-requests-2.11.1-6.31.1 as a component of SUSE OpenStack Cloud Crowbar 9 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074 HPE Helion OpenStack 8:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise High Availability Extension 12 SP3:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise High Availability Extension 12 SP4:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Module for Advanced Systems Management 12:python3-requests-2.11.1-6.31.1 SUSE Linux Enterprise Server 12 SP2-BCL:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Server 12 SP3-BCL:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Server 12 SP3-LTSS:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Server 12 SP4-LTSS:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:python-requests-2.11.1-6.31.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-requests-2.11.1-6.31.1 SUSE Manager Tools 12:python-requests-2.11.1-6.31.1 SUSE Manager Tools 12:python3-requests-2.11.1-6.31.1 SUSE OpenStack Cloud 8:python-requests-2.11.1-6.31.1 SUSE OpenStack Cloud 9:python-requests-2.11.1-6.31.1 SUSE OpenStack Cloud Crowbar 8:python-requests-2.11.1-6.31.1 SUSE OpenStack Cloud Crowbar 9:python-requests-2.11.1-6.31.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221819-1/ https://www.suse.com/security/cve/CVE-2018-18074.html CVE-2018-18074 https://bugzilla.suse.com/1111622 SUSE Bug 1111622