ALAS2-2019-1211


Amazon Linux 2 Security Advisory: ALAS-2019-1211
Advisory Release Date: 2019-05-20 18:12 Pacific
Severity: Low
References: CVE-2018-20060 

Issue Overview:

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.(CVE-2018-20060 )


Affected Packages:

python-urllib3


Issue Correction:
Run yum update python-urllib3 to update your system.

New Packages:
noarch:
    python-urllib3-1.24.3-1.amzn2.0.1.noarch

src:
    python-urllib3-1.24.3-1.amzn2.0.1.src