SUSE-SU-2016:0114-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20160114-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0114-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:0114-1
Related
Published
2016-01-13T20:05:42Z
Modified
2016-01-13T20:05:42Z
Summary
Security update for python-requests
Details

The python-requests module has been updated to version 2.8.1, which brings several fixes and enhancements:

  • Fix handling of cookies on redirect. Previously a cookie without a host value set would use the hostname for the redirected URL exposing requests users to session fixation attacks and potentially cookie stealing. (bsc#922448, CVE-2015-2296)

  • Add support for per-host proxies. This allows the proxies dictionary to have entries of the form {'<scheme>://<hostname>': '<proxy>'}. Host-specific proxies will be used in preference to the previously-supported scheme-specific ones, but the previous syntax will continue to work.

  • Update certificate bundle to match 'certifi' 2015.9.6.2's weak certificate bundle.
  • Response.raiseforstatus now prints the URL that failed as part of the exception message.
  • requests.utils.getnetrcauth now takes an raise_errors kwarg, defaulting to False. When True, errors parsing .netrc files cause exceptions to be thrown.
  • Change to bundled projects import logic to make it easier to unbundle requests downstream.
  • Change the default User-Agent string to avoid leaking data on Linux: now contains only the requests version.
  • The json parameter to post() and friends will now only be used if neither data nor files are present, consistent with the documentation.
  • Empty fields in the NO_PROXY environment variable are now ignored.
  • Fix problem where httplib.BadStatusLine would get raised if combining stream=True with contextlib.closing.
  • Prevent bugs where we would attempt to return the same connection back to the connection pool twice when sending a Chunked body.
  • Digest Auth support is now thread safe.
  • Resolved several bugs involving chunked transfer encoding and response framing.
  • Copy a PreparedRequest's CookieJar more reliably.
  • Support bytearrays when passed as parameters in the 'files' argument.
  • Avoid data duplication when creating a request with 'str', 'bytes', or 'bytearray' input to the 'files' argument.
  • 'Connection: keep-alive' header is now sent automatically.
  • Support for connect timeouts. Timeout now accepts a tuple (connect, read) which is used to set individual connect and read timeouts.

For a comprehensive list of changes please refer to the package's change log or the Release Notes at http://docs.python-requests.org/en/latest/community/updates/#id3

References

Affected packages

SUSE:Linux Enterprise Desktop 12 SP1 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Availability Extension 12 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 12 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP1 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Cloud Compute Node for SUSE Linux Enterprise 12 5 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Enterprise Storage 1.0 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Enterprise%20Storage%201.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}

SUSE:Enterprise Storage 2 / python-requests

Package

Name
python-requests
Purl
purl:rpm/suse/python-requests&distro=SUSE%20Enterprise%20Storage%202

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.1-6.9.1

Ecosystem specific

{
    "binaries": [
        {
            "python-requests": "2.8.1-6.9.1"
        }
    ]
}