Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 14.04 LTS & 14.10: USN-2531-1 Critical: Requests Cookie Exposure

ubuntu
Calendar Grey March 16, 2015
Dist Ubuntu Esm H88
Network communications in Ubuntu might inadvertently reveal cookies, posing a risk of exploitation. Urgent patch advised.
Requests could be made to expose cookies over the network.

Summary

Requests could be made to expose cookies over the network.

Software Description:

- requests: elegant and simple HTTP library for Python

Details:

Matthew Daley discovered that Requests incorrectly handled cookies without

host values when being redirected. A remote attacker could possibly use

this issue to perform session fixation or cookie stealing attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  python-requests                 2.3.0-1ubuntu0.1
  python3-requests                2.3.0-1ubuntu0.1

Ubuntu 14.04 LTS:
  python-requests                 2.2.1-1ubuntu0.2
  python3-requests                2.2.1-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2531-1

CVE-2015-2296

Severity
critical
Lowest
Low
Medium
High
Critical

March 16, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.