{"schema_version": "1.3.1", "id": "RLSA-2024:8842", "modified": "2024-11-08T15:59:28.618403Z", "published": "2024-11-08T15:56:47.559546Z", "related": ["CVE-2024-37891"], "summary": "Moderate: python3.12-urllib3 security update", "details": "urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: \n  \u2022 Thread safety.\n  \u2022 Connection pooling.\n  \u2022 Client-side SSL/TLS verification.\n  \u2022 File uploads with multipart encoding.\n  \u2022 Helpers for retrying requests and dealing with HTTP redirects.\n  \u2022 Support for gzip, deflate, brotli, and zstd encoding.\n  \u2022 Proxy support for HTTP and SOCKS.\n  \u2022 100% test coverage.\n\nSecurity Fix(es):\n\n* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "python3.12-urllib3", "purl": "pkg:rpm/rocky-linux/python3.12-urllib3?distro=rocky-linux-8-x86-64&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.26.19-1.el8_10"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:8842"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292788"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}