Oval Definition: oval:org.opensuse.security:def:60098
Revision Date: 2020-12-01
Version: 1
Title: Security update for python3-requests (Moderate)
Description:
This update for python3-requests provides the following fix:

python-requests was updated to 2.20.1.

Update to version 2.20.1:

* Fixed bug with unintended Authorization header stripping for
redirects using default ports (http/80, https/443).

Update to version 2.20.0:

* Bugfixes

+ Content-Type header parsing is now case-insensitive
(e.g. charset=utf8 v Charset=utf8).
+ Fixed exception leak where certain redirect URLs would raise
uncaught urllib3 exceptions.
+ Requests removes Authorization header from requests redirected
from https to http on the same hostname. (CVE-2018-18074)
+ should_bypass_proxies now handles URIs without hostnames
(e.g. files).

Update to version 2.19.1:

* Fixed issue where status_codes.py’s init function failed trying
to append to a __doc__ value of None.

Update to version 2.19.0:

* Improvements

+ Warn about possible slowdown with cryptography version < 1.3.4
+ Check host in proxy URL, before forwarding request to adapter.
+ Maintain fragments properly across redirects. (RFC7231 7.1.2)
+ Removed use of cgi module to expedite library load time.
+ Added support for SHA-256 and SHA-512 digest auth algorithms.
+ Minor performance improvement to Request.content.

* Bugfixes

+ Parsing empty Link headers with parse_header_links() no longer
returns one bogus entry.
+ Fixed issue where loading the default certificate bundle from
a zip archive would raise an IOError.
+ Fixed issue with unexpected ImportError on Windows systems
which do not support the winreg module.
+ DNS resolution in proxy bypass no longer includes the username
and password in the request. This also fixes the issue of DNS
queries failing on macOS.
+ Properly normalize adapter prefixes for url comparison.
+ Passing None as a file pointer to the files param no longer
raises an exception.
+ Calling copy on a RequestsCookieJar will now preserve the
cookie policy correctly.

Update to version 2.18.4:

* Improvements

+ Error messages for invalid headers now include the header name
for easier debugging

Update to version 2.18.3:

* Improvements
+ Running $ python -m requests.help now includes the installed
version of idna.
* Bugfixes
+ Fixed issue where Requests would raise ConnectionError instead
of SSLError when encountering SSL problems when using urllib3
v1.22.

- Add ca-certificates (and ca-certificates-mozilla) to dependencies; otherwise HTTPS
connections will fail.
Family: unix
Class: patch
Status:
Reference(s): 1020950
SUSE-SU-2017:2933-1
SUSE-SU-2018:3554-1
SUSE-SU-2018:4130-1
SUSE-SU-2019:2345-2
SUSE-SU-2020:1732-1
SUSE-SU-2020:1946-1
SUSE-SU-2020:1970-1
SUSE-SU-2020:2929-1
Platform(s): openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
      • MozillaFirefox-60.4.0-lp150.3.30 is installed
      • OR MozillaFirefox-branding-upstream-60.4.0-lp150.3.30 is installed
      • OR MozillaFirefox-buildsymbols-60.4.0-lp150.3.30 is installed
      • OR MozillaFirefox-devel-60.4.0-lp150.3.30 is installed
      • OR MozillaFirefox-translations-common-60.4.0-lp150.3.30 is installed
      • OR MozillaFirefox-translations-other-60.4.0-lp150.3.30 is installed

Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
      • bzip2-1.0.6-lp151.5.9 is installed
      • OR bzip2-doc-1.0.6-lp151.5.9 is installed
      • OR libbz2-1-1.0.6-lp151.5.9 is installed
      • OR libbz2-1-32bit-1.0.6-lp151.5.9 is installed
      • OR libbz2-devel-1.0.6-lp151.5.9 is installed
      • OR libbz2-devel-32bit-1.0.6-lp151.5.9 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
      • python-certifi-2018.4.16-3.6 is installed
      • OR python-chardet-3.0.4-5.6 is installed
      • OR python-urllib3-1.22-3.20 is installed
      • OR python3-certifi-2018.4.16-3.6 is installed
      • OR python3-chardet-3.0.4-5.6 is installed
      • OR python3-requests-2.20.1-5 is installed
      • OR python3-urllib3-1.22-3.20 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
      • avahi-0.6.32-30 is installed
      • OR avahi-lang-0.6.32-30 is installed
      • OR avahi-utils-0.6.32-30 is installed
      • OR libavahi-client3-0.6.32-30 is installed
      • OR libavahi-client3-32bit-0.6.32-30 is installed
      • OR libavahi-common3-0.6.32-30 is installed
      • OR libavahi-common3-32bit-0.6.32-30 is installed
      • OR libavahi-core7-0.6.32-30 is installed
      • OR libdns_sd-0.6.32-30 is installed
      • OR libdns_sd-32bit-0.6.32-30 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
      • libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed
      • OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed
      • OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed
      • OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed
      • OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed
      • OR webkit2gtk3-2.28.2-2.53 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
      • kernel-default-4.4.180-94.103 is installed
      • OR kernel-default-base-4.4.180-94.103 is installed
      • OR kernel-default-devel-4.4.180-94.103 is installed
      • OR kernel-devel-4.4.180-94.103 is installed
      • OR kernel-macros-4.4.180-94.103 is installed
      • OR kernel-source-4.4.180-94.103 is installed
      • OR kernel-syms-4.4.180-94.103 is installed
      • OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
      • OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
      • libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed
      • OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed
      • OR libwebkit2gtk3-lang-2.24.4-2.47 is installed
      • OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed
      • OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed
      • OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed
      • OR webkit2gtk3-2.24.4-2.47 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
      • ceph-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR librados2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR librbd1-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR librgw2-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR python-rados-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12 is installed
      • OR python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND coolkey-1.1.0-148.3 is installed

Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
      • libjavascriptcoregtk-4_0-18-2.28.3-2.56 is installed
      • OR libwebkit2gtk-4_0-37-2.28.3-2.56 is installed
      • OR libwebkit2gtk3-lang-2.28.3-2.56 is installed
      • OR typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56 is installed
      • OR typelib-1_0-WebKit2-4_0-2.28.3-2.56 is installed
      • OR typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56 is installed
      • OR webkit2gtk-4_0-injected-bundles-2.28.3-2.56 is installed
      • OR webkit2gtk3-2.28.3-2.56 is installed

Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND ansible-2.4.6.0-3.3 is installed