[ALSA-2024:8842] Moderate: python3.12-urllib3 security update
Type:
security
Severity:
moderate
Release date:
2024-11-06
Description:
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying requests and dealing with HTTP redirects. • Support for gzip, deflate, brotli, and zstd encoding. • Proxy support for HTTP and SOCKS. • 100% test coverage. Security Fix(es): * urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
noarch python3.12-urllib3-1.26.19-1.el8_10.noarch.rpm e9c6302ea753f2b67dd0a7115b1dd94cb6e7337ebbd11269214b2aa7c8d9f95b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.