What Are You Looking For?

Sign Up


# Security update for python-urllib3

Announcement ID: SUSE-SU-2023:4064-1  
Rating: moderate  
References:

  * #1215968

  
Cross-References:

  * CVE-2023-43804

  
CVSS scores:

  * CVE-2023-43804 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
  * CVE-2023-43804 ( NVD ):  5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

  
Affected Products:

  * Public Cloud Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

  * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user
    manually set the corresponding header (bsc#1215968).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Software Development Kit 12 SP5  
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4064=1

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1

  * SUSE Linux Enterprise Workstation Extension 12 12-SP5  
    zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4064=1

  * Public Cloud Module 12  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4064=1

## Package List:

  * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
    * python3-urllib3-1.25.10-3.34.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * python3-urllib3-1.25.10-3.34.1
    * python-urllib3-1.25.10-3.34.1
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * python3-urllib3-1.25.10-3.34.1
    * python-urllib3-1.25.10-3.34.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * python3-urllib3-1.25.10-3.34.1
    * python-urllib3-1.25.10-3.34.1
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
    * python3-urllib3-1.25.10-3.34.1
  * Public Cloud Module 12 (noarch)
    * python3-urllib3-1.25.10-3.34.1
    * python-urllib3-1.25.10-3.34.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-43804.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215968

SUSE: 2023:4064-1 moderate: python-urllib3

October 12, 2023
* #1215968 Cross-References: * CVE-2023-43804

Summary

## This update for python-urllib3 fixes the following issues: * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4064=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4064=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4064=1 * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-4064=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * python3-urllib3-1.25.10-3.34.1 * Public Cloud Module 12 (noarch) * python3-urllib3-1.25.10-3.34.1 * python-urllib3-1.25.10-3.34.1

References

* #1215968

Cross-

* CVE-2023-43804

CVSS scores:

* CVE-2023-43804 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-43804 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Public Cloud Module 12

* SUSE Linux Enterprise High Performance Computing 12 SP2

* SUSE Linux Enterprise High Performance Computing 12 SP3

* SUSE Linux Enterprise High Performance Computing 12 SP4

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12

* SUSE Linux Enterprise Server 12 SP1

* SUSE Linux Enterprise Server 12 SP2

* SUSE Linux Enterprise Server 12 SP3

* SUSE Linux Enterprise Server 12 SP4

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12

* SUSE Linux Enterprise Server for SAP Applications 12 SP1

* SUSE Linux Enterprise Server for SAP Applications 12 SP2

* SUSE Linux Enterprise Server for SAP Applications 12 SP3

* SUSE Linux Enterprise Server for SAP Applications 12 SP4

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

* SUSE Linux Enterprise Software Development Kit 12 SP5

* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2023-43804.html

* https://bugzilla.suse.com/show_bug.cgi?id=1215968

Severity
Announcement ID: SUSE-SU-2023:4064-1
Rating: moderate

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo