安全公告详情

NS-SA-2024-0058

2024-09-03 09:34:48

简介

moderate: perl-HTTP-Tiny/python-requests security update

严重级别

moderate

主题

An update for perl-HTTP-Tiny/python-requests is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

perl-HTTP-Tiny:
python-requests:


Security Fix(es):
perl-HTTP-Tiny: It was found that perl can load modules from the current directory if not found in the module directories, via the @INC path. A local, authenticated attacker could create a specially crafted module in a writable directory and trick a user into running a perl program from that directory; if the module is not found in previous @INC paths, it will load and execute the attacker's module.(CVE-2016-1238)
perl-HTTP-Tiny: An Insecure Default Initialization of Resource flaw was found in HTTP::Tiny, where TLS certificates were not verified by default. This flaw can lead to loss of confidentiality, integrity, and availability.(CVE-2023-31486)
perl-HTTP-Tiny: bugfix
python-requests: A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.(CVE-2015-2296)
python-requests: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.

影响组件

  • perl-HTTP-Tiny
  • python-requests

影响产品

  • CGSL MAIN 6.02

更新包

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["perl-HTTP-Tiny-0.074-1.el8.cgslv6_2.1.g9b0a3d3.noarch.rpm"],"source":"perl-HTTP-Tiny-0.074-1.el8.cgslv6_2.1.g9b0a3d3.src.rpm"},{"binary":["python3-requests-2.25.0-2.module_el8.5.0+738+dc19af12.cgslv6_2.1.gf791b2f.noarch.rpm"],"source":"python-requests-2.25.0-2.module_el8.5.0+738+dc19af12.cgslv6_2.1.gf791b2f.src.rpm"}]}]}
CGSL MAIN 6.02
  • perl-HTTP-Tiny-0.074-1.el8.cgslv6_2.1.g9b0a3d3.src.rpm
    • perl-HTTP-Tiny-0.074-1.el8.cgslv6_2.1.g9b0a3d3.noarch.rpm
  • python-requests-2.25.0-2.module_el8.5.0+738+dc19af12.cgslv6_2.1.gf791b2f.src.rpm
    • python3-requests-2.25.0-2.module_el8.5.0+738+dc19af12.cgslv6_2.1.gf791b2f.noarch.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108