RHSA-2021:1631: Moderate: python-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.<br>Security Fix(es):<br><li> python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Additional Changes:<br>For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:1631?
The severity of RHSA-2021:1631 is categorized as important due to potential CRLF injection vulnerabilities.
How do I fix RHSA-2021:1631?
To fix RHSA-2021:1631, you should upgrade the python-urllib3 or python3-urllib3 package to version 1.24.2-5.el8 or later.
What impact does RHSA-2021:1631 have on my system?
RHSA-2021:1631 may allow an attacker to perform CRLF injection attacks that can lead to misleading response headers or HTTP response splitting.
Which packages are affected by RHSA-2021:1631?
RHSA-2021:1631 affects the python-urllib3 and python3-urllib3 packages prior to version 1.24.2-5.el8.
When was RHSA-2021:1631 released?
RHSA-2021:1631 was released on May 26, 2021.