| Revision Date: | 2021-08-23 | Version: | 1 | | Title: | Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate) | | Description: |
This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli
- Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package.
# python-boto3
- Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package.
# python-botocore
- Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package.
# python-urllib3
- Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package.
# python-service_identity
- Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0
# python-trustme
- Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0
Security fixes:
# python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
| | Family: | unix | Class: | patch | | Status: | | Reference(s): | 1102408
1138715
1138746
1176389
1177120
1182421
1182422
CVE-2020-26137
| | Platform(s): | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
| Product(s): | |
|