urllib3 could be used to perform a CRLF injection if it received a
specially crafted request.
Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling
Details:
It was discovered that urllib3 incorrectly handled certain character
sequences. A remote attacker could possibly use this issue to perform CRLF
injection.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: python3-urllib3 1.25.8-2ubuntu0.1 Ubuntu 18.04 LTS: python-urllib3 1.22-1ubuntu0.18.04.2 python3-urllib3 1.22-1ubuntu0.18.04.2 Ubuntu 16.04 LTS: python-urllib3 1.13.1-2ubuntu0.16.04.4 python3-urllib3 1.13.1-2ubuntu0.16.04.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4570-1
CVE-2020-26137
Get the latest Linux and open source security news straight to your inbox.