Mageia 2021-0055: python-urllib3 security update
Summary
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP
request method, as demonstrated by inserting CR and LF control characters in
the first argument of putrequest() (CVE-2020-26137).
References
- https://bugs.mageia.org/show_bug.cgi?id=27407
- https://ubuntu.com/security/notices/USN-4570-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137
Resolution
MGASA-2021-0055 - Updated python-urllib3 packages fix security vulnerability
SRPMS
- 7/core/python-urllib3-1.24.3-1.2.mga7