CVE-2015-2296 (GCVE-0-2015-2296)
Vulnerability from cvelistv5
Published
2015-03-18 16:00
Modified
2024-08-06 05:10
CWE
- n/a
Summary
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"name": "FEDORA-2015-4084",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"name": "MDVSA-2015:133",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"name": "USN-2531-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://warehouse.python.org/project/requests/2.6.0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-21T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"name": "FEDORA-2015-4084",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"name": "MDVSA-2015:133",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"name": "USN-2531-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://warehouse.python.org/project/requests/2.6.0/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"name": "FEDORA-2015-4084",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"name": "MDVSA-2015:133",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"name": "USN-2531-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"name": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
"refsource": "CONFIRM",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0120.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"name": "https://warehouse.python.org/project/requests/2.6.0/",
"refsource": "CONFIRM",
"url": "https://warehouse.python.org/project/requests/2.6.0/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2296",
"datePublished": "2015-03-18T16:00:00",
"dateReserved": "2015-03-14T00:00:00",
"dateUpdated": "2024-08-06T05:10:16.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-2296\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-03-18T16:59:03.517\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n resolve_redirects en sessions.py en requests 2.1.0 hasta 2.5.3 permite a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n a trav\u00e9s de una cookie sin valor de anfitri\u00f3n en una redirecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7D2FA5A-6EC3-490B-A6A5-C498C889E30D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEFEBF18-876A-4E3C-A30B-71577B9938CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaI
d\":\"18282B8E-738F-495C-B990-F70D0F0F8F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DE39CDB-643B-4126-9CA2-9C50337BBF58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425B2FDF-69C3-4C0C-8972-E41EC457F791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB05BA9A-23AE-49D4-A1E7-96F8964A3BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"800BD957-9C00-41F9-BD04-485698BD55D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FA61528-1797-44A2-99FA-F24866B4A663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"544C8C6B-0532-4D06-8A50-6C629B5C48F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D34A4A03-6B83-4FED-91DF-73D3DC895879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4016F80B-6EB3-4C5B-B2A6-483A24E9E70C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"330946FA-38DC-4797-AEB3-0B038B828F9A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49A63F39-30BE-443F-AF10-6245587D3359\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2015-0120.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mand
riva.com/security/advisories?name=MDVSA-2015:133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/03/14/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/03/15/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2531-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://warehouse.python.org/project/requests/2.6.0/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2015-0120.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/03/14/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/03/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2531-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://warehouse.python.org/project/requests/2.6.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/384.html\\\"\u003eCWE-384: Session Fixation\u003c/a\u003e\"}}"
}
}
opensuse-su-2024:10098-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python-pip-8.1.2-1.2 on GA media
Notes
Title of the patch
python-pip-8.1.2-1.2 on GA media
Description of the patch
These are all security issues fixed in the python-pip-8.1.2-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10098
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python-pip-8.1.2-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python-pip-8.1.2-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10098",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10098-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8991 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
}
],
"title": "python-pip-8.1.2-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10098-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-pip-8.1.2-1.2.aarch64",
"product": {
"name": "python-pip-8.1.2-1.2.aarch64",
"product_id": "python-pip-8.1.2-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "python3-pip-9.0.1-1.1.aarch64",
"product": {
"name": "python3-pip-9.0.1-1.1.aarch64",
"product_id": "python3-pip-9.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pip-8.1.2-1.2.ppc64le",
"product": {
"name": "python-pip-8.1.2-1.2.ppc64le",
"product_id": "python-pip-8.1.2-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-pip-9.0.1-1.1.ppc64le",
"product": {
"name": "python3-pip-9.0.1-1.1.ppc64le",
"product_id": "python3-pip-9.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pip-8.1.2-1.2.s390x",
"product": {
"name": "python-pip-8.1.2-1.2.s390x",
"product_id": "python-pip-8.1.2-1.2.s390x"
}
},
{
"category": "product_version",
"name": "python3-pip-9.0.1-1.1.s390x",
"product": {
"name": "python3-pip-9.0.1-1.1.s390x",
"product_id": "python3-pip-9.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pip-8.1.2-1.2.x86_64",
"product": {
"name": "python-pip-8.1.2-1.2.x86_64",
"product_id": "python-pip-8.1.2-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "python3-pip-9.0.1-1.1.x86_64",
"product": {
"name": "python3-pip-9.0.1-1.1.x86_64",
"product_id": "python3-pip-9.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pip-8.1.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64"
},
"product_reference": "python-pip-8.1.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pip-8.1.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le"
},
"product_reference": "python-pip-8.1.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pip-8.1.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x"
},
"product_reference": "python-pip-8.1.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pip-8.1.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64"
},
"product_reference": "python-pip-8.1.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pip-9.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64"
},
"product_reference": "python3-pip-9.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pip-9.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le"
},
"product_reference": "python3-pip-9.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pip-9.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x"
},
"product_reference": "python3-pip-9.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pip-9.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
},
"product_reference": "python3-pip-9.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5123"
}
],
"notes": [
{
"category": "general",
"text": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5123",
"url": "https://www.suse.com/security/cve/CVE-2013-5123"
},
{
"category": "external",
"summary": "SUSE Bug 864406 for CVE-2013-5123",
"url": "https://bugzilla.suse.com/864406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5123"
},
{
"cve": "CVE-2014-8991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8991"
}
],
"notes": [
{
"category": "general",
"text": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8991",
"url": "https://www.suse.com/security/cve/CVE-2014-8991"
},
{
"category": "external",
"summary": "SUSE Bug 907038 for CVE-2014-8991",
"url": "https://bugzilla.suse.com/907038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.aarch64",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.ppc64le",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.s390x",
"openSUSE Tumbleweed:python-pip-8.1.2-1.2.x86_64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python3-pip-9.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
}
]
}
opensuse-su-2024:13999-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python310-requests-2.32.2-1.1 on GA media
Notes
Title of the patch
python310-requests-2.32.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-requests-2.32.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13999
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-requests-2.32.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-requests-2.32.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13999",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13999-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18074 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35195/"
}
],
"title": "python310-requests-2.32.2-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13999-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-requests-2.32.2-1.1.aarch64",
"product": {
"name": "python310-requests-2.32.2-1.1.aarch64",
"product_id": "python310-requests-2.32.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-requests-2.32.2-1.1.aarch64",
"product": {
"name": "python311-requests-2.32.2-1.1.aarch64",
"product_id": "python311-requests-2.32.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-requests-2.32.2-1.1.aarch64",
"product": {
"name": "python312-requests-2.32.2-1.1.aarch64",
"product_id": "python312-requests-2.32.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-requests-2.32.2-1.1.ppc64le",
"product": {
"name": "python310-requests-2.32.2-1.1.ppc64le",
"product_id": "python310-requests-2.32.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-requests-2.32.2-1.1.ppc64le",
"product": {
"name": "python311-requests-2.32.2-1.1.ppc64le",
"product_id": "python311-requests-2.32.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-requests-2.32.2-1.1.ppc64le",
"product": {
"name": "python312-requests-2.32.2-1.1.ppc64le",
"product_id": "python312-requests-2.32.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-requests-2.32.2-1.1.s390x",
"product": {
"name": "python310-requests-2.32.2-1.1.s390x",
"product_id": "python310-requests-2.32.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-requests-2.32.2-1.1.s390x",
"product": {
"name": "python311-requests-2.32.2-1.1.s390x",
"product_id": "python311-requests-2.32.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-requests-2.32.2-1.1.s390x",
"product": {
"name": "python312-requests-2.32.2-1.1.s390x",
"product_id": "python312-requests-2.32.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-requests-2.32.2-1.1.x86_64",
"product": {
"name": "python310-requests-2.32.2-1.1.x86_64",
"product_id": "python310-requests-2.32.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-requests-2.32.2-1.1.x86_64",
"product": {
"name": "python311-requests-2.32.2-1.1.x86_64",
"product_id": "python311-requests-2.32.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-requests-2.32.2-1.1.x86_64",
"product": {
"name": "python312-requests-2.32.2-1.1.x86_64",
"product_id": "python312-requests-2.32.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-requests-2.32.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64"
},
"product_reference": "python310-requests-2.32.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-requests-2.32.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le"
},
"product_reference": "python310-requests-2.32.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-requests-2.32.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x"
},
"product_reference": "python310-requests-2.32.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-requests-2.32.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64"
},
"product_reference": "python310-requests-2.32.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-requests-2.32.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64"
},
"product_reference": "python311-requests-2.32.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-requests-2.32.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le"
},
"product_reference": "python311-requests-2.32.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-requests-2.32.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x"
},
"product_reference": "python311-requests-2.32.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-requests-2.32.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64"
},
"product_reference": "python311-requests-2.32.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-requests-2.32.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64"
},
"product_reference": "python312-requests-2.32.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-requests-2.32.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le"
},
"product_reference": "python312-requests-2.32.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-requests-2.32.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x"
},
"product_reference": "python312-requests-2.32.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-requests-2.32.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
},
"product_reference": "python312-requests-2.32.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1829"
}
],
"notes": [
{
"category": "general",
"text": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1829",
"url": "https://www.suse.com/security/cve/CVE-2014-1829"
},
{
"category": "external",
"summary": "SUSE Bug 897658 for CVE-2014-1829",
"url": "https://bugzilla.suse.com/897658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1829"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2018-18074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18074"
}
],
"notes": [
{
"category": "general",
"text": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18074",
"url": "https://www.suse.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "SUSE Bug 1111622 for CVE-2018-18074",
"url": "https://bugzilla.suse.com/1111622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18074"
},
{
"cve": "CVE-2024-35195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35195"
}
],
"notes": [
{
"category": "general",
"text": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35195",
"url": "https://www.suse.com/security/cve/CVE-2024-35195"
},
{
"category": "external",
"summary": "SUSE Bug 1224788 for CVE-2024-35195",
"url": "https://bugzilla.suse.com/1224788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python310-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python311-requests-2.32.2-1.1.x86_64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.s390x",
"openSUSE Tumbleweed:python312-requests-2.32.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-35195"
}
]
}
opensuse-su-2024:11281-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python2-pip-20.0.2-2.6 on GA media
Notes
Title of the patch
python2-pip-20.0.2-2.6 on GA media
Description of the patch
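These are all security issues fixed in the python2-pip-20.0.2-2.6 package on the GA media of openSUSE Tumbleweed. Note that CVE-2015-2296 is described below as a flaw in requests rather than in pip itself; it is presumably listed against this package because pip ships a bundled copy of requests.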
Patchnames
openSUSE-Tumbleweed-2024-11281
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python2-pip-20.0.2-2.6 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python2-pip-20.0.2-2.6 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11281",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11281-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8991 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
}
],
"title": "python2-pip-20.0.2-2.6 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11281-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-pip-20.0.2-2.6.aarch64",
"product": {
"name": "python2-pip-20.0.2-2.6.aarch64",
"product_id": "python2-pip-20.0.2-2.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-pip-20.0.2-2.6.ppc64le",
"product": {
"name": "python2-pip-20.0.2-2.6.ppc64le",
"product_id": "python2-pip-20.0.2-2.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-pip-20.0.2-2.6.s390x",
"product": {
"name": "python2-pip-20.0.2-2.6.s390x",
"product_id": "python2-pip-20.0.2-2.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python2-pip-20.0.2-2.6.x86_64",
"product": {
"name": "python2-pip-20.0.2-2.6.x86_64",
"product_id": "python2-pip-20.0.2-2.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-pip-20.0.2-2.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64"
},
"product_reference": "python2-pip-20.0.2-2.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-pip-20.0.2-2.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le"
},
"product_reference": "python2-pip-20.0.2-2.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-pip-20.0.2-2.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x"
},
"product_reference": "python2-pip-20.0.2-2.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-pip-20.0.2-2.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
},
"product_reference": "python2-pip-20.0.2-2.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5123"
}
],
"notes": [
{
"category": "general",
"text": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5123",
"url": "https://www.suse.com/security/cve/CVE-2013-5123"
},
{
"category": "external",
"summary": "SUSE Bug 864406 for CVE-2013-5123",
"url": "https://bugzilla.suse.com/864406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5123"
},
{
"cve": "CVE-2014-8991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8991"
}
],
"notes": [
{
"category": "general",
"text": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8991",
"url": "https://www.suse.com/security/cve/CVE-2014-8991"
},
{
"category": "external",
"summary": "SUSE Bug 907038 for CVE-2014-8991",
"url": "https://bugzilla.suse.com/907038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.aarch64",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.ppc64le",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.s390x",
"openSUSE Tumbleweed:python2-pip-20.0.2-2.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
}
]
}
opensuse-su-2024:10125-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python-requests-2.11.1-1.1 on GA media
Notes
Title of the patch
python-requests-2.11.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the python-requests-2.11.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10125
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python-requests-2.11.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python-requests-2.11.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10125",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10125-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1830 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
}
],
"title": "python-requests-2.11.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10125-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-requests-2.11.1-1.1.aarch64",
"product": {
"name": "python-requests-2.11.1-1.1.aarch64",
"product_id": "python-requests-2.11.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-requests-2.11.1-1.1.ppc64le",
"product": {
"name": "python-requests-2.11.1-1.1.ppc64le",
"product_id": "python-requests-2.11.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-requests-2.11.1-1.1.s390x",
"product": {
"name": "python-requests-2.11.1-1.1.s390x",
"product_id": "python-requests-2.11.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-requests-2.11.1-1.1.x86_64",
"product": {
"name": "python-requests-2.11.1-1.1.x86_64",
"product_id": "python-requests-2.11.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64"
},
"product_reference": "python-requests-2.11.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le"
},
"product_reference": "python-requests-2.11.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.11.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x"
},
"product_reference": "python-requests-2.11.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
},
"product_reference": "python-requests-2.11.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1829"
}
],
"notes": [
{
"category": "general",
"text": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1829",
"url": "https://www.suse.com/security/cve/CVE-2014-1829"
},
{
"category": "external",
"summary": "SUSE Bug 897658 for CVE-2014-1829",
"url": "https://bugzilla.suse.com/897658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1829"
},
{
"cve": "CVE-2014-1830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1830"
}
],
"notes": [
{
"category": "general",
"text": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1830",
"url": "https://www.suse.com/security/cve/CVE-2014-1830"
},
{
"category": "external",
"summary": "SUSE Bug 897658 for CVE-2014-1830",
"url": "https://bugzilla.suse.com/897658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1830"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.aarch64",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.s390x",
"openSUSE Tumbleweed:python-requests-2.11.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
}
]
}
opensuse-su-2024:11251-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python36-pip-20.2.4-1.8 on GA media
Notes
Title of the patch
python36-pip-20.2.4-1.8 on GA media
Description of the patch
These are all security issues fixed in the python36-pip-20.2.4-1.8 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11251
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python36-pip-20.2.4-1.8 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python36-pip-20.2.4-1.8 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11251",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11251-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8991 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20916 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20916/"
}
],
"title": "python36-pip-20.2.4-1.8 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11251-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-pip-20.2.4-1.8.aarch64",
"product": {
"name": "python36-pip-20.2.4-1.8.aarch64",
"product_id": "python36-pip-20.2.4-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "python38-pip-20.2.4-1.8.aarch64",
"product": {
"name": "python38-pip-20.2.4-1.8.aarch64",
"product_id": "python38-pip-20.2.4-1.8.aarch64"
}
},
{
"category": "product_version",
"name": "python39-pip-20.2.4-1.8.aarch64",
"product": {
"name": "python39-pip-20.2.4-1.8.aarch64",
"product_id": "python39-pip-20.2.4-1.8.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-pip-20.2.4-1.8.ppc64le",
"product": {
"name": "python36-pip-20.2.4-1.8.ppc64le",
"product_id": "python36-pip-20.2.4-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-pip-20.2.4-1.8.ppc64le",
"product": {
"name": "python38-pip-20.2.4-1.8.ppc64le",
"product_id": "python38-pip-20.2.4-1.8.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-pip-20.2.4-1.8.ppc64le",
"product": {
"name": "python39-pip-20.2.4-1.8.ppc64le",
"product_id": "python39-pip-20.2.4-1.8.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-pip-20.2.4-1.8.s390x",
"product": {
"name": "python36-pip-20.2.4-1.8.s390x",
"product_id": "python36-pip-20.2.4-1.8.s390x"
}
},
{
"category": "product_version",
"name": "python38-pip-20.2.4-1.8.s390x",
"product": {
"name": "python38-pip-20.2.4-1.8.s390x",
"product_id": "python38-pip-20.2.4-1.8.s390x"
}
},
{
"category": "product_version",
"name": "python39-pip-20.2.4-1.8.s390x",
"product": {
"name": "python39-pip-20.2.4-1.8.s390x",
"product_id": "python39-pip-20.2.4-1.8.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-pip-20.2.4-1.8.x86_64",
"product": {
"name": "python36-pip-20.2.4-1.8.x86_64",
"product_id": "python36-pip-20.2.4-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "python38-pip-20.2.4-1.8.x86_64",
"product": {
"name": "python38-pip-20.2.4-1.8.x86_64",
"product_id": "python38-pip-20.2.4-1.8.x86_64"
}
},
{
"category": "product_version",
"name": "python39-pip-20.2.4-1.8.x86_64",
"product": {
"name": "python39-pip-20.2.4-1.8.x86_64",
"product_id": "python39-pip-20.2.4-1.8.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pip-20.2.4-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64"
},
"product_reference": "python36-pip-20.2.4-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pip-20.2.4-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le"
},
"product_reference": "python36-pip-20.2.4-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pip-20.2.4-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x"
},
"product_reference": "python36-pip-20.2.4-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-pip-20.2.4-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64"
},
"product_reference": "python36-pip-20.2.4-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pip-20.2.4-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64"
},
"product_reference": "python38-pip-20.2.4-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pip-20.2.4-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le"
},
"product_reference": "python38-pip-20.2.4-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pip-20.2.4-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x"
},
"product_reference": "python38-pip-20.2.4-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-pip-20.2.4-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64"
},
"product_reference": "python38-pip-20.2.4-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pip-20.2.4-1.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64"
},
"product_reference": "python39-pip-20.2.4-1.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pip-20.2.4-1.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le"
},
"product_reference": "python39-pip-20.2.4-1.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pip-20.2.4-1.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x"
},
"product_reference": "python39-pip-20.2.4-1.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pip-20.2.4-1.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
},
"product_reference": "python39-pip-20.2.4-1.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5123"
}
],
"notes": [
{
"category": "general",
"text": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5123",
"url": "https://www.suse.com/security/cve/CVE-2013-5123"
},
{
"category": "external",
"summary": "SUSE Bug 864406 for CVE-2013-5123",
"url": "https://bugzilla.suse.com/864406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5123"
},
{
"cve": "CVE-2014-8991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8991"
}
],
"notes": [
{
"category": "general",
"text": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8991",
"url": "https://www.suse.com/security/cve/CVE-2014-8991"
},
{
"category": "external",
"summary": "SUSE Bug 907038 for CVE-2014-8991",
"url": "https://bugzilla.suse.com/907038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2019-20916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20916"
}
],
"notes": [
{
"category": "general",
"text": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20916",
"url": "https://www.suse.com/security/cve/CVE-2019-20916"
},
{
"category": "external",
"summary": "SUSE Bug 1176262 for CVE-2019-20916",
"url": "https://bugzilla.suse.com/1176262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python36-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python38-pip-20.2.4-1.8.x86_64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.aarch64",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.ppc64le",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.s390x",
"openSUSE Tumbleweed:python39-pip-20.2.4-1.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20916"
}
]
}
opensuse-su-2024:13916-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python310-pip-24.0-1.1 on GA media
Notes
Title of the patch
python310-pip-24.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-pip-24.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13916
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-pip-24.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-pip-24.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13916",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13916-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8991 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20916 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20916/"
}
],
"title": "python310-pip-24.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13916-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-pip-24.0-1.1.aarch64",
"product": {
"name": "python310-pip-24.0-1.1.aarch64",
"product_id": "python310-pip-24.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-pip-wheel-24.0-1.1.aarch64",
"product": {
"name": "python310-pip-wheel-24.0-1.1.aarch64",
"product_id": "python310-pip-wheel-24.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-pip-24.0-1.1.aarch64",
"product": {
"name": "python311-pip-24.0-1.1.aarch64",
"product_id": "python311-pip-24.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-pip-wheel-24.0-1.1.aarch64",
"product": {
"name": "python311-pip-wheel-24.0-1.1.aarch64",
"product_id": "python311-pip-wheel-24.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-pip-24.0-1.1.aarch64",
"product": {
"name": "python312-pip-24.0-1.1.aarch64",
"product_id": "python312-pip-24.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-pip-wheel-24.0-1.1.aarch64",
"product": {
"name": "python312-pip-wheel-24.0-1.1.aarch64",
"product_id": "python312-pip-wheel-24.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-pip-24.0-1.1.ppc64le",
"product": {
"name": "python310-pip-24.0-1.1.ppc64le",
"product_id": "python310-pip-24.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-pip-wheel-24.0-1.1.ppc64le",
"product": {
"name": "python310-pip-wheel-24.0-1.1.ppc64le",
"product_id": "python310-pip-wheel-24.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-pip-24.0-1.1.ppc64le",
"product": {
"name": "python311-pip-24.0-1.1.ppc64le",
"product_id": "python311-pip-24.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-pip-wheel-24.0-1.1.ppc64le",
"product": {
"name": "python311-pip-wheel-24.0-1.1.ppc64le",
"product_id": "python311-pip-wheel-24.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-pip-24.0-1.1.ppc64le",
"product": {
"name": "python312-pip-24.0-1.1.ppc64le",
"product_id": "python312-pip-24.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-pip-wheel-24.0-1.1.ppc64le",
"product": {
"name": "python312-pip-wheel-24.0-1.1.ppc64le",
"product_id": "python312-pip-wheel-24.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-pip-24.0-1.1.s390x",
"product": {
"name": "python310-pip-24.0-1.1.s390x",
"product_id": "python310-pip-24.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-pip-wheel-24.0-1.1.s390x",
"product": {
"name": "python310-pip-wheel-24.0-1.1.s390x",
"product_id": "python310-pip-wheel-24.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-pip-24.0-1.1.s390x",
"product": {
"name": "python311-pip-24.0-1.1.s390x",
"product_id": "python311-pip-24.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-pip-wheel-24.0-1.1.s390x",
"product": {
"name": "python311-pip-wheel-24.0-1.1.s390x",
"product_id": "python311-pip-wheel-24.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-pip-24.0-1.1.s390x",
"product": {
"name": "python312-pip-24.0-1.1.s390x",
"product_id": "python312-pip-24.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-pip-wheel-24.0-1.1.s390x",
"product": {
"name": "python312-pip-wheel-24.0-1.1.s390x",
"product_id": "python312-pip-wheel-24.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-pip-24.0-1.1.x86_64",
"product": {
"name": "python310-pip-24.0-1.1.x86_64",
"product_id": "python310-pip-24.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-pip-wheel-24.0-1.1.x86_64",
"product": {
"name": "python310-pip-wheel-24.0-1.1.x86_64",
"product_id": "python310-pip-wheel-24.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-pip-24.0-1.1.x86_64",
"product": {
"name": "python311-pip-24.0-1.1.x86_64",
"product_id": "python311-pip-24.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-pip-wheel-24.0-1.1.x86_64",
"product": {
"name": "python311-pip-wheel-24.0-1.1.x86_64",
"product_id": "python311-pip-wheel-24.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-pip-24.0-1.1.x86_64",
"product": {
"name": "python312-pip-24.0-1.1.x86_64",
"product_id": "python312-pip-24.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-pip-wheel-24.0-1.1.x86_64",
"product": {
"name": "python312-pip-wheel-24.0-1.1.x86_64",
"product_id": "python312-pip-wheel-24.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-24.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64"
},
"product_reference": "python310-pip-24.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-24.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le"
},
"product_reference": "python310-pip-24.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-24.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x"
},
"product_reference": "python310-pip-24.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-24.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64"
},
"product_reference": "python310-pip-24.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-wheel-24.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64"
},
"product_reference": "python310-pip-wheel-24.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-wheel-24.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le"
},
"product_reference": "python310-pip-wheel-24.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-wheel-24.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x"
},
"product_reference": "python310-pip-wheel-24.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-pip-wheel-24.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64"
},
"product_reference": "python310-pip-wheel-24.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-24.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64"
},
"product_reference": "python311-pip-24.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-24.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le"
},
"product_reference": "python311-pip-24.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-24.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x"
},
"product_reference": "python311-pip-24.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-24.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64"
},
"product_reference": "python311-pip-24.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-wheel-24.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64"
},
"product_reference": "python311-pip-wheel-24.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-wheel-24.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le"
},
"product_reference": "python311-pip-wheel-24.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-wheel-24.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x"
},
"product_reference": "python311-pip-wheel-24.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pip-wheel-24.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64"
},
"product_reference": "python311-pip-wheel-24.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-24.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64"
},
"product_reference": "python312-pip-24.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-24.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le"
},
"product_reference": "python312-pip-24.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-24.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x"
},
"product_reference": "python312-pip-24.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-24.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64"
},
"product_reference": "python312-pip-24.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-wheel-24.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64"
},
"product_reference": "python312-pip-wheel-24.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-wheel-24.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le"
},
"product_reference": "python312-pip-wheel-24.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-wheel-24.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x"
},
"product_reference": "python312-pip-wheel-24.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-pip-wheel-24.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
},
"product_reference": "python312-pip-wheel-24.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5123"
}
],
"notes": [
{
"category": "general",
"text": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5123",
"url": "https://www.suse.com/security/cve/CVE-2013-5123"
},
{
"category": "external",
"summary": "SUSE Bug 864406 for CVE-2013-5123",
"url": "https://bugzilla.suse.com/864406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5123"
},
{
"cve": "CVE-2014-8991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8991"
}
],
"notes": [
{
"category": "general",
"text": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8991",
"url": "https://www.suse.com/security/cve/CVE-2014-8991"
},
{
"category": "external",
"summary": "SUSE Bug 907038 for CVE-2014-8991",
"url": "https://bugzilla.suse.com/907038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2019-20916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20916"
}
],
"notes": [
{
"category": "general",
"text": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20916",
"url": "https://www.suse.com/security/cve/CVE-2019-20916"
},
{
"category": "external",
"summary": "SUSE Bug 1176262 for CVE-2019-20916",
"url": "https://bugzilla.suse.com/1176262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python310-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pip-wheel-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-24.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.s390x",
"openSUSE Tumbleweed:python312-pip-wheel-24.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20916"
}
]
}
opensuse-su-2024:11266-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
python36-requests-2.25.1-4.2 on GA media
Notes
Title of the patch
python36-requests-2.25.1-4.2 on GA media
Description of the patch
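These are all security issues fixed in the python36-requests-2.25.1-4.2 package on the GA media of openSUSE Tumbleweed. (The package builds named in this advisory are therefore the versions that contain the fixes, not versions affected by the listed CVEs.)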
Patchnames
openSUSE-Tumbleweed-2024-11266
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python36-requests-2.25.1-4.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python36-requests-2.25.1-4.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11266",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11266-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18074 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18074/"
}
],
"title": "python36-requests-2.25.1-4.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11266-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-requests-2.25.1-4.2.aarch64",
"product": {
"name": "python36-requests-2.25.1-4.2.aarch64",
"product_id": "python36-requests-2.25.1-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "python38-requests-2.25.1-4.2.aarch64",
"product": {
"name": "python38-requests-2.25.1-4.2.aarch64",
"product_id": "python38-requests-2.25.1-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "python39-requests-2.25.1-4.2.aarch64",
"product": {
"name": "python39-requests-2.25.1-4.2.aarch64",
"product_id": "python39-requests-2.25.1-4.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-requests-2.25.1-4.2.ppc64le",
"product": {
"name": "python36-requests-2.25.1-4.2.ppc64le",
"product_id": "python36-requests-2.25.1-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-requests-2.25.1-4.2.ppc64le",
"product": {
"name": "python38-requests-2.25.1-4.2.ppc64le",
"product_id": "python38-requests-2.25.1-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-requests-2.25.1-4.2.ppc64le",
"product": {
"name": "python39-requests-2.25.1-4.2.ppc64le",
"product_id": "python39-requests-2.25.1-4.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-requests-2.25.1-4.2.s390x",
"product": {
"name": "python36-requests-2.25.1-4.2.s390x",
"product_id": "python36-requests-2.25.1-4.2.s390x"
}
},
{
"category": "product_version",
"name": "python38-requests-2.25.1-4.2.s390x",
"product": {
"name": "python38-requests-2.25.1-4.2.s390x",
"product_id": "python38-requests-2.25.1-4.2.s390x"
}
},
{
"category": "product_version",
"name": "python39-requests-2.25.1-4.2.s390x",
"product": {
"name": "python39-requests-2.25.1-4.2.s390x",
"product_id": "python39-requests-2.25.1-4.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-requests-2.25.1-4.2.x86_64",
"product": {
"name": "python36-requests-2.25.1-4.2.x86_64",
"product_id": "python36-requests-2.25.1-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "python38-requests-2.25.1-4.2.x86_64",
"product": {
"name": "python38-requests-2.25.1-4.2.x86_64",
"product_id": "python38-requests-2.25.1-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "python39-requests-2.25.1-4.2.x86_64",
"product": {
"name": "python39-requests-2.25.1-4.2.x86_64",
"product_id": "python39-requests-2.25.1-4.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-requests-2.25.1-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64"
},
"product_reference": "python36-requests-2.25.1-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-requests-2.25.1-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le"
},
"product_reference": "python36-requests-2.25.1-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-requests-2.25.1-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x"
},
"product_reference": "python36-requests-2.25.1-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-requests-2.25.1-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64"
},
"product_reference": "python36-requests-2.25.1-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-requests-2.25.1-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64"
},
"product_reference": "python38-requests-2.25.1-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-requests-2.25.1-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le"
},
"product_reference": "python38-requests-2.25.1-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-requests-2.25.1-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x"
},
"product_reference": "python38-requests-2.25.1-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-requests-2.25.1-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64"
},
"product_reference": "python38-requests-2.25.1-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-requests-2.25.1-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64"
},
"product_reference": "python39-requests-2.25.1-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-requests-2.25.1-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le"
},
"product_reference": "python39-requests-2.25.1-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-requests-2.25.1-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x"
},
"product_reference": "python39-requests-2.25.1-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-requests-2.25.1-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
},
"product_reference": "python39-requests-2.25.1-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1829"
}
],
"notes": [
{
"category": "general",
"text": "Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1829",
"url": "https://www.suse.com/security/cve/CVE-2014-1829"
},
{
"category": "external",
"summary": "SUSE Bug 897658 for CVE-2014-1829",
"url": "https://bugzilla.suse.com/897658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-1829"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2018-18074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18074"
}
],
"notes": [
{
"category": "general",
"text": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18074",
"url": "https://www.suse.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "SUSE Bug 1111622 for CVE-2018-18074",
"url": "https://bugzilla.suse.com/1111622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python36-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python38-requests-2.25.1-4.2.x86_64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.aarch64",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.ppc64le",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.s390x",
"openSUSE Tumbleweed:python39-requests-2.25.1-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18074"
}
]
}
suse-ru-2019:2505-1
Vulnerability from csaf_suse
Published
2019-10-01 11:10
Modified
2019-10-01 11:10
Summary
Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner
Notes
Title of the patch
Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner
Description of the patch
This update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner fixes the following issues:
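python-pip was updated to 10.0.1 (fate#324191, bsc#1065275). This description names no CVE; the advisory's references list the SUSE pages for CVE-2013-5123, CVE-2014-8991 and CVE-2015-2296.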
Enable python3 build for:
- python-jmespath
- python-jsonschema
- python-paramiko
- python-pexpect
- python-pip
- python-ply
- python-pretend
- python-process-tests
- python-pycodestyle
- python-pyflakes
- python-pyxdg
- python-tabulate
- python-vcversioner
Patchnames
SUSE-2019-2505,SUSE-OpenStack-Cloud-7-2019-2505,SUSE-SLE-DESKTOP-12-SP4-2019-2505,SUSE-SLE-Module-Public-Cloud-12-2019-2505,SUSE-SLE-SERVER-12-SP4-2019-2505
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner fixes the following issues:\n\npython-pip was updated to 10.0.1 (fate#324191, bsc#1065275)\n\nEnable python3 build for:\n\n- python-jmespath\n- python-jsonschema\n- python-paramiko\n- python-pexpect\n- python-pip\n- python-ply\n- python-pretend\n- python-process-tests\n- python-pycodestyle\n- python-pyflakes\n- python-pyxdg\n- python-tabulate\n- python-vcversioner\n\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2505,SUSE-OpenStack-Cloud-7-2019-2505,SUSE-SLE-DESKTOP-12-SP4-2019-2505,SUSE-SLE-Module-Public-Cloud-12-2019-2505,SUSE-SLE-SERVER-12-SP4-2019-2505",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2019_2505-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2019:2505-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20192505-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2019:2505-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2019-October/012610.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065275",
"url": "https://bugzilla.suse.com/1065275"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8991 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
}
],
"title": "Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner",
"tracking": {
"current_release_date": "2019-10-01T11:10:29Z",
"generator": {
"date": "2019-10-01T11:10:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2019:2505-1",
"initial_release_date": "2019-10-01T11:10:29Z",
"revision_history": [
{
"date": "2019-10-01T11:10:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-jmespath-0.9.2-10.6.1.noarch",
"product": {
"name": "python-jmespath-0.9.2-10.6.1.noarch",
"product_id": "python-jmespath-0.9.2-10.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python-jsonschema-2.2.0-3.3.1.noarch",
"product": {
"name": "python-jsonschema-2.2.0-3.3.1.noarch",
"product_id": "python-jsonschema-2.2.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-paramiko-1.18.5-2.15.1.noarch",
"product": {
"name": "python-paramiko-1.18.5-2.15.1.noarch",
"product_id": "python-paramiko-1.18.5-2.15.1.noarch"
}
},
{
"category": "product_version",
"name": "python-pexpect-2.4-4.3.1.noarch",
"product": {
"name": "python-pexpect-2.4-4.3.1.noarch",
"product_id": "python-pexpect-2.4-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-pip-10.0.1-11.6.1.noarch",
"product": {
"name": "python-pip-10.0.1-11.6.1.noarch",
"product_id": "python-pip-10.0.1-11.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python-ply-3.4-3.3.1.noarch",
"product": {
"name": "python-ply-3.4-3.3.1.noarch",
"product_id": "python-ply-3.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-ply-doc-3.4-3.3.1.noarch",
"product": {
"name": "python-ply-doc-3.4-3.3.1.noarch",
"product_id": "python-ply-doc-3.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-pretend-1.0.8-3.3.1.noarch",
"product": {
"name": "python-pretend-1.0.8-3.3.1.noarch",
"product_id": "python-pretend-1.0.8-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-process-tests-1.2.2-1.3.1.noarch",
"product": {
"name": "python-process-tests-1.2.2-1.3.1.noarch",
"product_id": "python-process-tests-1.2.2-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-pycodestyle-2.3.1-1.3.1.noarch",
"product": {
"name": "python-pycodestyle-2.3.1-1.3.1.noarch",
"product_id": "python-pycodestyle-2.3.1-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-pyflakes-1.6.0-1.3.1.noarch",
"product": {
"name": "python-pyflakes-1.6.0-1.3.1.noarch",
"product_id": "python-pyflakes-1.6.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-pyxdg-0.25-1.3.1.noarch",
"product": {
"name": "python-pyxdg-0.25-1.3.1.noarch",
"product_id": "python-pyxdg-0.25-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-tabulate-0.7.7-1.3.1.noarch",
"product": {
"name": "python-tabulate-0.7.7-1.3.1.noarch",
"product_id": "python-tabulate-0.7.7-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-vcversioner-2.16.0.0-1.3.1.noarch",
"product": {
"name": "python-vcversioner-2.16.0.0-1.3.1.noarch",
"product_id": "python-vcversioner-2.16.0.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-jmespath-0.9.2-10.6.1.noarch",
"product": {
"name": "python3-jmespath-0.9.2-10.6.1.noarch",
"product_id": "python3-jmespath-0.9.2-10.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-jsonschema-2.2.0-3.3.1.noarch",
"product": {
"name": "python3-jsonschema-2.2.0-3.3.1.noarch",
"product_id": "python3-jsonschema-2.2.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-paramiko-1.18.5-2.15.1.noarch",
"product": {
"name": "python3-paramiko-1.18.5-2.15.1.noarch",
"product_id": "python3-paramiko-1.18.5-2.15.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pexpect-2.4-4.3.1.noarch",
"product": {
"name": "python3-pexpect-2.4-4.3.1.noarch",
"product_id": "python3-pexpect-2.4-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pip-10.0.1-11.6.1.noarch",
"product": {
"name": "python3-pip-10.0.1-11.6.1.noarch",
"product_id": "python3-pip-10.0.1-11.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-ply-3.4-3.3.1.noarch",
"product": {
"name": "python3-ply-3.4-3.3.1.noarch",
"product_id": "python3-ply-3.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-ply-doc-3.4-3.3.1.noarch",
"product": {
"name": "python3-ply-doc-3.4-3.3.1.noarch",
"product_id": "python3-ply-doc-3.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pretend-1.0.8-3.3.1.noarch",
"product": {
"name": "python3-pretend-1.0.8-3.3.1.noarch",
"product_id": "python3-pretend-1.0.8-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-process-tests-1.2.2-1.3.1.noarch",
"product": {
"name": "python3-process-tests-1.2.2-1.3.1.noarch",
"product_id": "python3-process-tests-1.2.2-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pycodestyle-2.3.1-1.3.1.noarch",
"product": {
"name": "python3-pycodestyle-2.3.1-1.3.1.noarch",
"product_id": "python3-pycodestyle-2.3.1-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pyflakes-1.6.0-1.3.1.noarch",
"product": {
"name": "python3-pyflakes-1.6.0-1.3.1.noarch",
"product_id": "python3-pyflakes-1.6.0-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-pyxdg-0.25-1.3.1.noarch",
"product": {
"name": "python3-pyxdg-0.25-1.3.1.noarch",
"product_id": "python3-pyxdg-0.25-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-tabulate-0.7.7-1.3.1.noarch",
"product": {
"name": "python3-tabulate-0.7.7-1.3.1.noarch",
"product_id": "python3-tabulate-0.7.7-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-vcversioner-2.16.0.0-1.3.1.noarch",
"product": {
"name": "python3-vcversioner-2.16.0.0-1.3.1.noarch",
"product_id": "python3-vcversioner-2.16.0.0-1.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pip-10.0.1-11.6.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch"
},
"product_reference": "python-pip-10.0.1-11.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ply-3.4-3.3.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
},
"product_reference": "python-ply-3.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ply-3.4-3.3.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch"
},
"product_reference": "python-ply-3.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jmespath-0.9.2-10.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch"
},
"product_reference": "python-jmespath-0.9.2-10.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jsonschema-2.2.0-3.3.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch"
},
"product_reference": "python-jsonschema-2.2.0-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-1.18.5-2.15.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch"
},
"product_reference": "python-paramiko-1.18.5-2.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pip-10.0.1-11.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch"
},
"product_reference": "python-pip-10.0.1-11.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ply-3.4-3.3.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch"
},
"product_reference": "python-ply-3.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jmespath-0.9.2-10.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch"
},
"product_reference": "python3-jmespath-0.9.2-10.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jsonschema-2.2.0-3.3.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch"
},
"product_reference": "python3-jsonschema-2.2.0-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-paramiko-1.18.5-2.15.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch"
},
"product_reference": "python3-paramiko-1.18.5-2.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pip-10.0.1-11.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch"
},
"product_reference": "python3-pip-10.0.1-11.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ply-3.4-3.3.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch"
},
"product_reference": "python3-ply-3.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ply-3.4-3.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch"
},
"product_reference": "python-ply-3.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ply-3.4-3.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch"
},
"product_reference": "python-ply-3.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5123"
}
],
"notes": [
{
"category": "general",
"text": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5123",
"url": "https://www.suse.com/security/cve/CVE-2013-5123"
},
{
"category": "external",
"summary": "SUSE Bug 864406 for CVE-2013-5123",
"url": "https://bugzilla.suse.com/864406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-01T11:10:29Z",
"details": "moderate"
}
],
"title": "CVE-2013-5123"
},
{
"cve": "CVE-2014-8991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8991"
}
],
"notes": [
{
"category": "general",
"text": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8991",
"url": "https://www.suse.com/security/cve/CVE-2014-8991"
},
{
"category": "external",
"summary": "SUSE Bug 907038 for CVE-2014-8991",
"url": "https://bugzilla.suse.com/907038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-01T11:10:29Z",
"details": "moderate"
}
],
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jmespath-0.9.2-10.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-jsonschema-2.2.0-3.3.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-paramiko-1.18.5-2.15.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-pip-10.0.1-11.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-ply-3.4-3.3.1.noarch",
"SUSE OpenStack Cloud 7:python-pip-10.0.1-11.6.1.noarch",
"SUSE OpenStack Cloud 7:python-ply-3.4-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-01T11:10:29Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
}
]
}
suse-su-2016:0114-1
Vulnerability from csaf_suse
Published
2016-01-13 20:05
Modified
2016-01-13 20:05
Summary
Security update for python-requests
Notes
Title of the patch
Security update for python-requests
Description of the patch
The python-requests module has been updated to version 2.8.1, which brings several
fixes and enhancements:
- Fix handling of cookies on redirect. Previously, a cookie without a host value set
would use the hostname for the redirected URL, exposing requests users to session
fixation attacks and potentially cookie stealing. (bsc#922448, CVE-2015-2296)
- Add support for per-host proxies. This allows the proxies dictionary to have entries
of the form {'<scheme>://<hostname>': '<proxy>'}. Host-specific
proxies will be used in preference to the previously-supported scheme-specific ones,
but the previous syntax will continue to work.
- Update certificate bundle to match 'certifi' 2015.9.6.2's weak certificate bundle.
- Response.raise_for_status now prints the URL that failed as part of the exception message.
- requests.utils.get_netrc_auth now takes a raise_errors kwarg, defaulting to False.
When True, errors parsing .netrc files cause exceptions to be thrown.
- Change to bundled projects import logic to make it easier to unbundle requests downstream.
- Change the default User-Agent string to avoid leaking data on Linux: now contains only
the requests version.
- The json parameter to post() and friends will now only be used if neither data nor files
are present, consistent with the documentation.
- Empty fields in the NO_PROXY environment variable are now ignored.
- Fix problem where httplib.BadStatusLine would get raised if combining stream=True with
contextlib.closing.
- Prevent bugs where we would attempt to return the same connection back to the connection
pool twice when sending a Chunked body.
- Digest Auth support is now thread safe.
- Resolved several bugs involving chunked transfer encoding and response framing.
- Copy a PreparedRequest's CookieJar more reliably.
- Support bytearrays when passed as parameters in the 'files' argument.
- Avoid data duplication when creating a request with 'str', 'bytes', or 'bytearray'
input to the 'files' argument.
- 'Connection: keep-alive' header is now sent automatically.
- Support for connect timeouts. Timeout now accepts a tuple (connect, read) which is
used to set individual connect and read timeouts.
For a comprehensive list of changes please refer to the package's change log or the
Release Notes at http://docs.python-requests.org/en/latest/community/updates/#id3
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2016-80,SUSE-SLE-HA-12-2016-80,SUSE-SLE-Module-Public-Cloud-12-2016-80,SUSE-SLE-SERVER-12-2016-80,SUSE-SLE-SERVER-12-SP1-2016-80,SUSE-SLE12-CLOUD-5-2016-80,SUSE-Storage-1.0-2016-80,SUSE-Storage-2-2016-80
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-requests",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe python-requests module has been updated to version 2.8.1, which brings several\nfixes and enhancements:\n\n- Fix handling of cookies on redirect. Previously a cookie without a host value set\n would use the hostname for the redirected URL exposing requests users to session\n fixation attacks and potentially cookie stealing. (bsc#922448, CVE-2015-2296)\n\n- Add support for per-host proxies. This allows the proxies dictionary to have entries\n of the form {\u0027\u003cscheme\u003e://\u003chostname\u003e\u0027: \u0027\u003cproxy\u003e\u0027}. Host-specific\n proxies will be used in preference to the previously-supported scheme-specific ones,\n but the previous syntax will continue to work.\n- Update certificate bundle to match \u0027certifi\u0027 2015.9.6.2\u0027s weak certificate bundle.\n- Response.raise_for_status now prints the URL that failed as part of the exception message.\n- requests.utils.get_netrc_auth now takes an raise_errors kwarg, defaulting to False.\n When True, errors parsing .netrc files cause exceptions to be thrown.\n- Change to bundled projects import logic to make it easier to unbundle requests downstream.\n- Change the default User-Agent string to avoid leaking data on Linux: now contains only\n the requests version.\n- The json parameter to post() and friends will now only be used if neither data nor files\n are present, consistent with the documentation.\n- Empty fields in the NO_PROXY environment variable are now ignored.\n- Fix problem where httplib.BadStatusLine would get raised if combining stream=True with\n contextlib.closing.\n- Prevent bugs where we would attempt to return the same connection back to the connection\n pool twice when sending a Chunked body.\n- Digest Auth support is now thread safe.\n- Resolved several bugs involving chunked transfer encoding and response framing.\n- Copy a PreparedRequest\u0027s CookieJar more reliably.\n- Support bytearrays when passed as parameters in the \u0027files\u0027 
argument.\n- Avoid data duplication when creating a request with \u0027str\u0027, \u0027bytes\u0027, or \u0027bytearray\u0027\n input to the \u0027files\u0027 argument.\n- \u0027Connection: keep-alive\u0027 header is now sent automatically.\n- Support for connect timeouts. Timeout now accepts a tuple (connect, read) which is\n used to set individual connect and read timeouts.\n\nFor a comprehensive list of changes please refer to the package\u0027s change log or the\nRelease Notes at http://docs.python-requests.org/en/latest/community/updates/#id3\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-80,SUSE-SLE-HA-12-2016-80,SUSE-SLE-Module-Public-Cloud-12-2016-80,SUSE-SLE-SERVER-12-2016-80,SUSE-SLE-SERVER-12-SP1-2016-80,SUSE-SLE12-CLOUD-5-2016-80,SUSE-Storage-1.0-2016-80,SUSE-Storage-2-2016-80",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0114-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:0114-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160114-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:0114-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-January/001801.html"
},
{
"category": "self",
"summary": "SUSE Bug 922448",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "self",
"summary": "SUSE Bug 929736",
"url": "https://bugzilla.suse.com/929736"
},
{
"category": "self",
"summary": "SUSE Bug 961596",
"url": "https://bugzilla.suse.com/961596"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
}
],
"title": "Security update for python-requests",
"tracking": {
"current_release_date": "2016-01-13T20:05:42Z",
"generator": {
"date": "2016-01-13T20:05:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:0114-1",
"initial_release_date": "2016-01-13T20:05:42Z",
"revision_history": [
{
"date": "2016-01-13T20:05:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-requests-2.8.1-6.9.1.noarch",
"product": {
"name": "python-requests-2.8.1-6.9.1.noarch",
"product_id": "python-requests-2.8.1-6.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 12",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 12",
"product_id": "SUSE Linux Enterprise High Availability Extension 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12",
"product": {
"name": "SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5",
"product": {
"name": "SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5",
"product_id": "SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-sle12-cloud-compute:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 1.0",
"product": {
"name": "SUSE Enterprise Storage 1.0",
"product_id": "SUSE Enterprise Storage 1.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:1.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 2",
"product": {
"name": "SUSE Enterprise Storage 2",
"product_id": "SUSE Enterprise Storage 2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise High Availability Extension 12",
"product_id": "SUSE Linux Enterprise High Availability Extension 12:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise Server 12",
"product_id": "SUSE Linux Enterprise Server 12:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5",
"product_id": "SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Enterprise Storage 1.0",
"product_id": "SUSE Enterprise Storage 1.0:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.8.1-6.9.1.noarch as component of SUSE Enterprise Storage 2",
"product_id": "SUSE Enterprise Storage 2:python-requests-2.8.1-6.9.1.noarch"
},
"product_reference": "python-requests-2.8.1-6.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-requests-2.8.1-6.9.1.noarch",
"SUSE Enterprise Storage 1.0:python-requests-2.8.1-6.9.1.noarch",
"SUSE Enterprise Storage 2:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP1:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise High Availability Extension 12:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP1:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server 12:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:python-requests-2.8.1-6.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-requests-2.8.1-6.9.1.noarch",
"SUSE Enterprise Storage 1.0:python-requests-2.8.1-6.9.1.noarch",
"SUSE Enterprise Storage 2:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP1:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise High Availability Extension 12:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server 12 SP1:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server 12:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:python-requests-2.8.1-6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:python-requests-2.8.1-6.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-01-13T20:05:42Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
}
]
}
suse-su-2020:1792-1
Vulnerability from csaf_suse
Published
2020-06-26 12:07
Modified
2020-06-26 12:07
Summary
Security update for python3-requests
Notes
Title of the patch
Security update for python3-requests
Description of the patch
This update for python3-requests provides the following fix:
python-requests was updated to 2.20.1.
Update to version 2.20.1:
* Fixed bug with unintended Authorization header stripping for
redirects using default ports (http/80, https/443).
Update to version 2.20.0:
* Bugfixes
+ Content-Type header parsing is now case-insensitive
(e.g. charset=utf8 v Charset=utf8).
+ Fixed exception leak where certain redirect urls would raise
uncaught urllib3 exceptions.
+ Requests removes Authorization header from requests redirected
from https to http on the same hostname. (CVE-2018-18074)
+ should_bypass_proxies now handles URIs without hostnames
(e.g. files).
Update to version 2.19.1:
* Fixed issue where status_codes.py’s init function failed trying
to append to a __doc__ value of None.
Update to version 2.19.0:
* Improvements
+ Warn about possible slowdown with cryptography version < 1.3.4
+ Check host in proxy URL, before forwarding request to adapter.
+ Maintain fragments properly across redirects. (RFC7231 7.1.2)
+ Removed use of cgi module to expedite library load time.
+ Added support for SHA-256 and SHA-512 digest auth algorithms.
+ Minor performance improvement to Request.content.
* Bugfixes
+ Parsing empty Link headers with parse_header_links() no longer
returns one bogus entry.
+ Fixed issue where loading the default certificate bundle from
a zip archive would raise an IOError.
+ Fixed issue with unexpected ImportError on Windows systems
which do not support the winreg module.
+ DNS resolution in proxy bypass no longer includes the username
and password in the request. This also fixes the issue of DNS
queries failing on macOS.
+ Properly normalize adapter prefixes for url comparison.
+ Passing None as a file pointer to the files param no longer
raises an exception.
+ Calling copy on a RequestsCookieJar will now preserve the
cookie policy correctly.
Update to version 2.18.4:
* Improvements
+ Error messages for invalid headers now include the header name
for easier debugging
Update to version 2.18.3:
* Improvements
+ Running $ python -m requests.help now includes the installed
version of idna.
* Bugfixes
+ Fixed issue where Requests would raise ConnectionError instead
of SSLError when encountering SSL problems when using urllib3
v1.22.
- Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https
connections will fail.
Patchnames
HPE-Helion-OpenStack-8-2020-1792,SUSE-2020-1792,SUSE-OpenStack-Cloud-7-2020-1792,SUSE-OpenStack-Cloud-8-2020-1792,SUSE-OpenStack-Cloud-Crowbar-8-2020-1792,SUSE-SLE-Module-Public-Cloud-12-2020-1792,SUSE-SLE-SAP-12-SP2-2020-1792,SUSE-SLE-SAP-12-SP3-2020-1792,SUSE-SLE-SDK-12-SP5-2020-1792,SUSE-SLE-SERVER-12-SP2-2020-1792,SUSE-SLE-SERVER-12-SP2-BCL-2020-1792,SUSE-SLE-SERVER-12-SP3-2020-1792,SUSE-SLE-SERVER-12-SP3-BCL-2020-1792,SUSE-SLE-SERVER-12-SP4-2020-1792,SUSE-SLE-SERVER-12-SP5-2020-1792,SUSE-SLE-WE-12-SP5-2020-1792,SUSE-SUSE-Manager-Proxy-3.2-2020-1792,SUSE-SUSE-Manager-Server-3.2-2020-1792,SUSE-Storage-5-2020-1792
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python3-requests",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python3-requests provides the following fix:\n\npython-requests was updated to 2.20.1.\n\nUpdate to version 2.20.1:\n\n* Fixed bug with unintended Authorization header stripping for\n redirects using default ports (http/80, https/443).\n\nUpdate to version 2.20.0:\n\n* Bugfixes\n\n + Content-Type header parsing is now case-insensitive\n (e.g. charset=utf8 v Charset=utf8).\n + Fixed exception leak where certain redirect urls would raise\n uncaught urllib3 exceptions.\n + Requests removes Authorization header from requests redirected\n from https to http on the same hostname. (CVE-2018-18074)\n + should_bypass_proxies now handles URIs without hostnames\n (e.g. files).\n\nUpdate to version 2.19.1:\n\n* Fixed issue where status_codes.py\u2019s init function failed trying\n to append to a __doc__ value of None.\n\nUpdate to version 2.19.0:\n\n* Improvements\n\n + Warn about possible slowdown with cryptography version \u003c 1.3.4\n + Check host in proxy URL, before forwarding request to adapter.\n + Maintain fragments properly across redirects. (RFC7231 7.1.2)\n + Removed use of cgi module to expedite library load time.\n + Added support for SHA-256 and SHA-512 digest auth algorithms.\n + Minor performance improvement to Request.content.\n\n* Bugfixes\n\n + Parsing empty Link headers with parse_header_links() no longer\n return one bogus entry.\n + Fixed issue where loading the default certificate bundle from\n a zip archive would raise an IOError.\n + Fixed issue with unexpected ImportError on windows system\n which do not support winreg module.\n + DNS resolution in proxy bypass no longer includes the username\n and password in the request. This also fixes the issue of DNS\n queries failing on macOS.\n + Properly normalize adapter prefixes for url comparison.\n + Passing None as a file pointer to the files param no longer\n raises an exception.\n + Calling copy on a RequestsCookieJar will now preserve the\n cookie policy correctly.\n\nUpdate to version 2.18.4:\n\n* Improvements\n\n + Error messages for invalid headers now include the header name\n for easier debugging\n\nUpdate to version 2.18.3:\n\n* Improvements\n + Running $ python -m requests.help now includes the installed\n version of idna.\n* Bugfixes\n + Fixed issue where Requests would raise ConnectionError instead\n of SSLError when encountering SSL problems when using urllib3\n v1.22.\n\n- Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https\n connections will fail.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-1792,SUSE-2020-1792,SUSE-OpenStack-Cloud-7-2020-1792,SUSE-OpenStack-Cloud-8-2020-1792,SUSE-OpenStack-Cloud-Crowbar-8-2020-1792,SUSE-SLE-Module-Public-Cloud-12-2020-1792,SUSE-SLE-SAP-12-SP2-2020-1792,SUSE-SLE-SAP-12-SP3-2020-1792,SUSE-SLE-SDK-12-SP5-2020-1792,SUSE-SLE-SERVER-12-SP2-2020-1792,SUSE-SLE-SERVER-12-SP2-BCL-2020-1792,SUSE-SLE-SERVER-12-SP3-2020-1792,SUSE-SLE-SERVER-12-SP3-BCL-2020-1792,SUSE-SLE-SERVER-12-SP4-2020-1792,SUSE-SLE-SERVER-12-SP5-2020-1792,SUSE-SLE-WE-12-SP5-2020-1792,SUSE-SUSE-Manager-Proxy-3.2-2020-1792,SUSE-SUSE-Manager-Server-3.2-2020-1792,SUSE-Storage-5-2020-1792",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1792-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1792-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201792-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1792-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/007049.html"
},
{
"category": "self",
"summary": "SUSE Bug 1054413",
"url": "https://bugzilla.suse.com/1054413"
},
{
"category": "self",
"summary": "SUSE Bug 1073879",
"url": "https://bugzilla.suse.com/1073879"
},
{
"category": "self",
"summary": "SUSE Bug 1111622",
"url": "https://bugzilla.suse.com/1111622"
},
{
"category": "self",
"summary": "SUSE Bug 1122668",
"url": "https://bugzilla.suse.com/1122668"
},
{
"category": "self",
"summary": "SUSE Bug 761500",
"url": "https://bugzilla.suse.com/761500"
},
{
"category": "self",
"summary": "SUSE Bug 922448",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "self",
"summary": "SUSE Bug 929736",
"url": "https://bugzilla.suse.com/929736"
},
{
"category": "self",
"summary": "SUSE Bug 935252",
"url": "https://bugzilla.suse.com/935252"
},
{
"category": "self",
"summary": "SUSE Bug 945455",
"url": "https://bugzilla.suse.com/945455"
},
{
"category": "self",
"summary": "SUSE Bug 947357",
"url": "https://bugzilla.suse.com/947357"
},
{
"category": "self",
"summary": "SUSE Bug 961596",
"url": "https://bugzilla.suse.com/961596"
},
{
"category": "self",
"summary": "SUSE Bug 967128",
"url": "https://bugzilla.suse.com/967128"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18074 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18074/"
}
],
"title": "Security update for python3-requests",
"tracking": {
"current_release_date": "2020-06-26T12:07:54Z",
"generator": {
"date": "2020-06-26T12:07:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1792-1",
"initial_release_date": "2020-06-26T12:07:54Z",
"revision_history": [
{
"date": "2020-06-26T12:07:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-certifi-2018.4.16-3.6.1.noarch",
"product": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch",
"product_id": "python3-certifi-2018.4.16-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-chardet-3.0.4-5.6.1.noarch",
"product": {
"name": "python3-chardet-3.0.4-5.6.1.noarch",
"product_id": "python3-chardet-3.0.4-5.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-requests-2.20.1-5.2.noarch",
"product": {
"name": "python3-requests-2.20.1-5.2.noarch",
"product_id": "python3-requests-2.20.1-5.2.noarch"
}
},
{
"category": "product_version",
"name": "python3-urllib3-1.22-3.20.1.noarch",
"product": {
"name": "python3-urllib3-1.22-3.20.1.noarch",
"product_id": "python3-urllib3-1.22-3.20.1.noarch"
}
},
{
"category": "product_version",
"name": "python-certifi-2018.4.16-3.6.1.noarch",
"product": {
"name": "python-certifi-2018.4.16-3.6.1.noarch",
"product_id": "python-certifi-2018.4.16-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python-chardet-3.0.4-5.6.1.noarch",
"product": {
"name": "python-chardet-3.0.4-5.6.1.noarch",
"product_id": "python-chardet-3.0.4-5.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python-urllib3-1.22-3.20.1.noarch",
"product": {
"name": "python-urllib3-1.22-3.20.1.noarch",
"product_id": "python-urllib3-1.22-3.20.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 3.2",
"product": {
"name": "SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:3.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 3.2",
"product": {
"name": "SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:3.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-certifi-2018.4.16-3.6.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-chardet-3.0.4-5.6.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-1.22-3.20.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-1.22-3.20.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-certifi-2018.4.16-3.6.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-certifi-2018.4.16-3.6.1.noarch"
},
"product_reference": "python3-certifi-2018.4.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-chardet-3.0.4-5.6.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-chardet-3.0.4-5.6.1.noarch"
},
"product_reference": "python3-chardet-3.0.4-5.6.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-requests-2.20.1-5.2.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-requests-2.20.1-5.2.noarch"
},
"product_reference": "python3-requests-2.20.1-5.2.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-1.22-3.20.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:python3-urllib3-1.22-3.20.1.noarch"
},
"product_reference": "python3-urllib3-1.22-3.20.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1.noarch",
"HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1.noarch",
"HPE Helion OpenStack 8:python3-requests-2.20.1-5.2.noarch",
"HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Enterprise Storage 5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Enterprise Storage 5:python3-requests-2.20.1-5.2.noarch",
"SUSE Enterprise Storage 5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Proxy 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Proxy 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Server 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 7:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 7:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-urllib3-1.22-3.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1.noarch",
"HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1.noarch",
"HPE Helion OpenStack 8:python3-requests-2.20.1-5.2.noarch",
"HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Enterprise Storage 5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Enterprise Storage 5:python3-requests-2.20.1-5.2.noarch",
"SUSE Enterprise Storage 5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Proxy 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Proxy 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Server 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 7:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 7:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-urllib3-1.22-3.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T12:07:54Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2018-18074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18074"
}
],
"notes": [
{
"category": "general",
"text": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1.noarch",
"HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1.noarch",
"HPE Helion OpenStack 8:python3-requests-2.20.1-5.2.noarch",
"HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Enterprise Storage 5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Enterprise Storage 5:python3-requests-2.20.1-5.2.noarch",
"SUSE Enterprise Storage 5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Proxy 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Proxy 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Server 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 7:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 7:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-urllib3-1.22-3.20.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18074",
"url": "https://www.suse.com/security/cve/CVE-2018-18074"
},
{
"category": "external",
"summary": "SUSE Bug 1111622 for CVE-2018-18074",
"url": "https://bugzilla.suse.com/1111622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1.noarch",
"HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1.noarch",
"HPE Helion OpenStack 8:python3-requests-2.20.1-5.2.noarch",
"HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Enterprise Storage 5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Enterprise Storage 5:python3-requests-2.20.1-5.2.noarch",
"SUSE Enterprise Storage 5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Proxy 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Proxy 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Server 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 7:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 7:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-urllib3-1.22-3.20.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:python3-certifi-2018.4.16-3.6.1.noarch",
"HPE Helion OpenStack 8:python3-chardet-3.0.4-5.6.1.noarch",
"HPE Helion OpenStack 8:python3-requests-2.20.1-5.2.noarch",
"HPE Helion OpenStack 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Enterprise Storage 5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Enterprise Storage 5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Enterprise Storage 5:python3-requests-2.20.1-5.2.noarch",
"SUSE Enterprise Storage 5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-requests-2.20.1-5.2.noarch",
"SUSE Linux Enterprise Workstation Extension 12 SP5:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Proxy 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Proxy 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Proxy 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python-urllib3-1.22-3.20.1.noarch",
"SUSE Manager Server 3.2:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE Manager Server 3.2:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE Manager Server 3.2:python3-requests-2.20.1-5.2.noarch",
"SUSE Manager Server 3.2:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 7:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 7:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 7:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud 8:python3-urllib3-1.22-3.20.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-certifi-2018.4.16-3.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-chardet-3.0.4-5.6.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-requests-2.20.1-5.2.noarch",
"SUSE OpenStack Cloud Crowbar 8:python3-urllib3-1.22-3.20.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T12:07:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-18074"
}
]
}
suse-fu-2021:2130-1
Vulnerability from csaf_suse
Published
2021-06-23 07:10
Modified
2021-06-23 07:10
Summary
Feature implementation for python39-pip, python39-setuptools
Notes
Title of the patch
Feature implementation for python39-pip, python39-setuptools
Description of the patch
This update for python39-pip, python39-setuptools fixes the following issues:
Changes in python39-setuptools:
- Provide `python39-setuptools` version 44.1.1 with vendored dependencies. (jsc#SLE-17532, jsc#SLE-17957)
Changes in python39-pip:
- Provide `python39-pip` version 20.2.4 with vendored dependencies. (jsc#SLE-17532, jsc#SLE-17957)
Patchnames
SUSE-2021-2130,SUSE-SLE-Module-Basesystem-15-SP3-2021-2130
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Feature implementation for python39-pip, python39-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python39-pip, python39-setuptools fixes the following issues:\n\nChanges in python39-setuptools:\n\n- Provide `python39-setuptools` version 44.1.1 with vendored dependencies. (jsc#SLE-17532, jsc#SLE-17957)\n\nChanges in python39-pip:\n\n- Provide `python39-pip` version 20.2.4 with vendored dependencies. (jsc#SLE-17532, jsc#SLE-17957)\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-2130,SUSE-SLE-Module-Basesystem-15-SP3-2021-2130",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-fu-2021_2130-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-FU-2021:2130-1",
"url": "https://www.suse.com/support/update/announcement//suse-fu-20212130-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-FU-2021:2130-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2021-June/019414.html"
},
{
"category": "self",
"summary": "SUSE Bug 1176262",
"url": "https://bugzilla.suse.com/1176262"
},
{
"category": "self",
"summary": "SUSE Bug 1177127",
"url": "https://bugzilla.suse.com/1177127"
},
{
"category": "self",
"summary": "SUSE Bug 1187170",
"url": "https://bugzilla.suse.com/1187170"
},
{
"category": "self",
"summary": "SUSE Bug 428177",
"url": "https://bugzilla.suse.com/428177"
},
{
"category": "self",
"summary": "SUSE Bug 842516",
"url": "https://bugzilla.suse.com/842516"
},
{
"category": "self",
"summary": "SUSE Bug 913229",
"url": "https://bugzilla.suse.com/913229"
},
{
"category": "self",
"summary": "SUSE Bug 930189",
"url": "https://bugzilla.suse.com/930189"
},
{
"category": "self",
"summary": "SUSE Bug 993968",
"url": "https://bugzilla.suse.com/993968"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8991 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20916 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20916/"
}
],
"title": "Feature implementation for python39-pip, python39-setuptools",
"tracking": {
"current_release_date": "2021-06-23T07:10:31Z",
"generator": {
"date": "2021-06-23T07:10:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-FU-2021:2130-1",
"initial_release_date": "2021-06-23T07:10:31Z",
"revision_history": [
{
"date": "2021-06-23T07:10:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python39-pip-20.2.4-7.5.1.noarch",
"product": {
"name": "python39-pip-20.2.4-7.5.1.noarch",
"product_id": "python39-pip-20.2.4-7.5.1.noarch"
}
},
{
"category": "product_version",
"name": "python39-setuptools-44.1.1-7.3.1.noarch",
"product": {
"name": "python39-setuptools-44.1.1-7.3.1.noarch",
"product_id": "python39-setuptools-44.1.1-7.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pip-20.2.4-7.5.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch"
},
"product_reference": "python39-pip-20.2.4-7.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-7.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-7.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5123"
}
],
"notes": [
{
"category": "general",
"text": "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5123",
"url": "https://www.suse.com/security/cve/CVE-2013-5123"
},
{
"category": "external",
"summary": "SUSE Bug 864406 for CVE-2013-5123",
"url": "https://bugzilla.suse.com/864406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-23T07:10:31Z",
"details": "moderate"
}
],
"title": "CVE-2013-5123"
},
{
"cve": "CVE-2014-8991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8991"
}
],
"notes": [
{
"category": "general",
"text": "pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8991",
"url": "https://www.suse.com/security/cve/CVE-2014-8991"
},
{
"category": "external",
"summary": "SUSE Bug 907038 for CVE-2014-8991",
"url": "https://bugzilla.suse.com/907038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-23T07:10:31Z",
"details": "moderate"
}
],
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-23T07:10:31Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2019-20916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20916"
}
],
"notes": [
{
"category": "general",
"text": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20916",
"url": "https://www.suse.com/security/cve/CVE-2019-20916"
},
{
"category": "external",
"summary": "SUSE Bug 1176262 for CVE-2019-20916",
"url": "https://bugzilla.suse.com/1176262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-pip-20.2.4-7.5.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:python39-setuptools-44.1.1-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-23T07:10:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-20916"
}
]
}
suse-su-2015:2156-1
Vulnerability from csaf_suse
Published
2015-11-30 11:07
Modified
2015-11-30 11:07
Summary
Security update for python-requests
Notes
Title of the patch
Security update for python-requests
Description of the patch
python-requests was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-2296: The resolve_redirects function in sessions.py allowed remote attackers to
conduct session fixation attacks via a cookie without a host value in a redirect. (bsc#922448)
This non-security issue was fixed:
- Don't use the hardcoded path for certificates. (bsc#935252)
Patchnames
sleclo50sp3-python-requests-12235
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-requests",
"title": "Title of the patch"
},
{
"category": "description",
"text": "python-requests was updated to fix one security issue.\n\nThis security issue was fixed:\n\n- CVE-2015-2296: The resolve_redirects function in sessions.py allowed remote attackers to\n conduct session fixation attacks via a cookie without a host value in a redirect. (bsc#922448)\n\nThis non-security issue was fixed:\n\n- Don\u0027t use the hardcoded path for certificates. (bsc#935252)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-python-requests-12235",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2156-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2156-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152156-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2156-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-November/001704.html"
},
{
"category": "self",
"summary": "SUSE Bug 922448",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "self",
"summary": "SUSE Bug 935252",
"url": "https://bugzilla.suse.com/935252"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2296 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2296/"
}
],
"title": "Security update for python-requests",
"tracking": {
"current_release_date": "2015-11-30T11:07:43Z",
"generator": {
"date": "2015-11-30T11:07:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2156-1",
"initial_release_date": "2015-11-30T11:07:43Z",
"revision_history": [
{
"date": "2015-11-30T11:07:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-requests-2.3.0-9.2.x86_64",
"product": {
"name": "python-requests-2.3.0-9.2.x86_64",
"product_id": "python-requests-2.3.0-9.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-requests-2.3.0-9.2.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-requests-2.3.0-9.2.x86_64"
},
"product_reference": "python-requests-2.3.0-9.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-2296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2296"
}
],
"notes": [
{
"category": "general",
"text": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:python-requests-2.3.0-9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2296",
"url": "https://www.suse.com/security/cve/CVE-2015-2296"
},
{
"category": "external",
"summary": "SUSE Bug 922448 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/922448"
},
{
"category": "external",
"summary": "SUSE Bug 926396 for CVE-2015-2296",
"url": "https://bugzilla.suse.com/926396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:python-requests-2.3.0-9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-11-30T11:07:43Z",
"details": "low"
}
],
"title": "CVE-2015-2296"
}
]
}
cnvd-2015-01877
Vulnerability from cnvd
Title
requests sessions.py resolve_redirects会话固定漏洞
Description
Requests是Apache2许可的HTTP库,是用Python编写的。
Requests 2.1.0-2.5.3版本,sessions.py中的resolve_redirects函数存在安全漏洞,在重定向时未能正确处理不带host值的cookie,远程攻击者可利用此漏洞执行会话固定攻击。
Severity
中
Patch Name
requests sessions.py resolve_redirects会话固定漏洞的补丁
Patch Description
Requests是Apache2许可的HTTP库,是用Python编写的。
Requests 2.1.0-2.5.3版本,sessions.py中的resolve_redirects函数存在安全漏洞,在重定向时未能正确处理不带host值的cookie,远程攻击者可利用此漏洞执行会话固定攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://warehouse.python.org/project/requests/2.6.0/
Reference
http://www.ubuntu.com/usn/USN-2531-1
http://www.openwall.com/lists/oss-security/2015/03/14/4
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
Impacted products
| Name | python-requests requests 2.1.0 - 2.5.3 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-2296"
}
},
"description": "Requests\u662fApache2\u8bb8\u53ef\u7684HTTP\u5e93\uff0c\u662f\u7528Python\u7f16\u5199\u7684\u3002\r\n\r\nRequests 2.1.0-2.5.3\u7248\u672c\uff0csessions.py\u4e2d\u7684resolve_redirects\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5728\u91cd\u5b9a\u5411\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406\u4e0d\u5e26host\u503c\u7684cookie\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6267\u884c\u4f1a\u8bdd\u56fa\u5b9a\u653b\u51fb\u3002",
"discovererName": "Matthew Daley",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://warehouse.python.org/project/requests/2.6.0/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-01877",
"openTime": "2015-03-20",
"patchDescription": "Requests\u662fApache2\u8bb8\u53ef\u7684HTTP\u5e93\uff0c\u662f\u7528Python\u7f16\u5199\u7684\u3002 \r\n\r\nRequests 2.1.0-2.5.3\u7248\u672c\uff0csessions.py\u4e2d\u7684resolve_redirects\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5728\u91cd\u5b9a\u5411\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406\u4e0d\u5e26host\u503c\u7684cookie\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6267\u884c\u4f1a\u8bdd\u56fa\u5b9a\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "requests sessions.py resolve_redirects\u4f1a\u8bdd\u56fa\u5b9a\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "python-requests requests 2.1.0 - 2.5.3"
},
"referenceLink": "http://www.ubuntu.com/usn/USN-2531-1\r\nhttp://www.openwall.com/lists/oss-security/2015/03/14/4\r\nhttps://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
"serverity": "\u4e2d",
"submitTime": "2015-03-19",
"title": "requests sessions.py resolve_redirects\u4f1a\u8bdd\u56fa\u5b9a\u6f0f\u6d1e"
}
gsd-2015-2296
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Aliases
{
"GSD": {
"alias": "CVE-2015-2296",
"description": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"id": "GSD-2015-2296",
"references": [
"https://www.suse.com/security/cve/CVE-2015-2296.html",
"https://ubuntu.com/security/CVE-2015-2296",
"https://advisories.mageia.org/CVE-2015-2296.html",
"https://alas.aws.amazon.com/cve/html/CVE-2015-2296.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-2296"
],
"details": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"id": "GSD-2015-2296",
"modified": "2023-12-13T01:20:00.856403Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"name": "FEDORA-2015-4084",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"name": "MDVSA-2015:133",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"name": "USN-2531-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"name": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
"refsource": "CONFIRM",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0120.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"name": "https://warehouse.python.org/project/requests/2.6.0/",
"refsource": "CONFIRM",
"url": "https://warehouse.python.org/project/requests/2.6.0/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.6.0",
"affected_versions": "All versions before 2.6.0",
"credit": "Matthew Daley",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2016-07-15",
"description": "The `resolve_redirects()` function in `sessions.py` allows a remote, user-assisted attacker to conduct a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked.",
"fixed_versions": [
"2.6.0"
],
"identifier": "CVE-2015-2296",
"identifiers": [
"CVE-2015-2296"
],
"not_impacted": "All versions starting from 2.6.0",
"package_slug": "pypi/requests",
"pubdate": "2015-03-18",
"solution": "Upgrade to version 2.6.0 or above.",
"title": "Session fixation in resolve_redirects()",
"urls": [
"http://osvdb.org/show/osvdb/119576",
"http://www.openwall.com/lists/oss-security/2015/03/14/4",
"https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc#diff-28e67177469c0d36b068d68d9f6043bf",
"https://github.com/kennethreitz/requests/commit/f7c85685a8e484715649c13bacae6adc7f5f3908#diff-28e67177469c0d36b068d68d9f6043bf"
],
"uuid": "d1c3b3de-3b82-4f45-97ce-7e97f96652e5"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2296"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150314 Re: CVE Request for python-requests session fixation vulnerability",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"name": "USN-2531-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"name": "[oss-security] 20150314 CVE Request for python-requests session fixation vulnerability",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"name": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"name": "https://warehouse.python.org/project/requests/2.6.0/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://warehouse.python.org/project/requests/2.6.0/"
},
{
"name": "FEDORA-2015-4084",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0120.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"name": "MDVSA-2015:133",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2021-03-18T13:19Z",
"publishedDate": "2015-03-18T16:59Z"
}
}
}
fkie_cve-2015-2296
Vulnerability from fkie_nvd
Published
2015-03-18 16:59
Modified
2025-04-12 10:46
Summary
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://advisories.mageia.org/MGASA-2015-0120.html | ||
| cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/03/14/4 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/03/15/1 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/USN-2531-1 | ||
| cve@mitre.org | https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc | ||
| cve@mitre.org | https://warehouse.python.org/project/requests/2.6.0/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2015-0120.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/03/14/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/03/15/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2531-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://warehouse.python.org/project/requests/2.6.0/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mageia_project | mageia | 4.0 | |
| python | requests | 2.1.0 | |
| python | requests | 2.2.1 | |
| python | requests | 2.3.0 | |
| python | requests | 2.4.0 | |
| python | requests | 2.4.1 | |
| python | requests | 2.4.2 | |
| python | requests | 2.4.3 | |
| python | requests | 2.5.0 | |
| python | requests | 2.5.1 | |
| python | requests | 2.5.2 | |
| python | requests | 2.5.3 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFEBF18-876A-4E3C-A30B-71577B9938CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18282B8E-738F-495C-B990-F70D0F0F8F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE39CDB-643B-4126-9CA2-9C50337BBF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "425B2FDF-69C3-4C0C-8972-E41EC457F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB05BA9A-23AE-49D4-A1E7-96F8964A3BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "800BD957-9C00-41F9-BD04-485698BD55D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA61528-1797-44A2-99FA-F24866B4A663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "544C8C6B-0532-4D06-8A50-6C629B5C48F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D34A4A03-6B83-4FED-91DF-73D3DC895879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4016F80B-6EB3-4C5B-B2A6-483A24E9E70C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "330946FA-38DC-4797-AEB3-0B038B828F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect."
},
{
"lang": "es",
"value": "La funci\u00f3n resolve_redirects en sessions.py en requests 2.1.0 hasta 2.5.3 permite a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n a trav\u00e9s de una cookie sin valor de anfitri\u00f3n en una redirecci\u00f3n."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/384.html\"\u003eCWE-384: Session Fixation\u003c/a\u003e",
"id": "CVE-2015-2296",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-18T16:59:03.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://warehouse.python.org/project/requests/2.6.0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://warehouse.python.org/project/requests/2.6.0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-pg2w-x9wp-vw92
Vulnerability from github
Published
2022-05-13 01:11
Modified
2024-10-21 21:03
VLAI Severity ?
Summary
Python Requests Session Fixation
Details
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "requests"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-2296"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2023-07-31T23:49:22Z",
"nvd_published_at": "2015-03-18T16:59:00Z",
"severity": "MODERATE"
},
"details": "The `resolve_redirects` function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"id": "GHSA-pg2w-x9wp-vw92",
"modified": "2024-10-21T21:03:10Z",
"published": "2022-05-13T01:11:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2296"
},
{
"type": "WEB",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"type": "WEB",
"url": "https://github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"type": "PACKAGE",
"url": "https://github.com/psf/requests"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2015-17.yaml"
},
{
"type": "WEB",
"url": "https://warehouse.python.org/project/requests/2.6.0"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Python Requests Session Fixation"
}
pysec-2015-17
Vulnerability from pysec
Published
2015-03-18 16:59
Modified
2021-07-05 00:01
Details
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Impacted products
| Name | purl |
|---|---|
| requests | pkg:pypi/requests |
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "requests",
"purl": "pkg:pypi/requests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3bd8afbff29e50b38f889b2f688785a669b9aafc"
}
],
"repo": "https://github.com/kennethreitz/requests",
"type": "GIT"
},
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.0",
"2.2.0",
"2.2.1",
"2.3.0",
"2.4.0",
"2.4.1",
"2.4.2",
"2.4.3",
"2.5.0",
"2.5.1",
"2.5.2",
"2.5.3"
]
}
],
"aliases": [
"CVE-2015-2296"
],
"details": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.",
"id": "PYSEC-2015-17",
"modified": "2021-07-05T00:01:25.716066Z",
"published": "2015-03-18T16:59:00Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/15/1"
},
{
"type": "ADVISORY",
"url": "http://www.ubuntu.com/usn/USN-2531-1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/14/4"
},
{
"type": "FIX",
"url": "https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"
},
{
"type": "WEB",
"url": "https://warehouse.python.org/project/requests/2.6.0/"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"
},
{
"type": "ADVISORY",
"url": "http://advisories.mageia.org/MGASA-2015-0120.html"
},
{
"type": "ADVISORY",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.