ALAS2-2021-1668


Amazon Linux 2 Security Advisory: ALAS-2021-1668
Advisory Release Date: 2021-06-16 20:37 Pacific
Advisory Updated Date: 2021-06-22 22:41 Pacific
Severity: Medium

Issue Overview:

A flaw was found in python-urllib3. HTTPConnection.request() does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity. (CVE-2020-26137)
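
The missing validation described above, sketched as an added example (not code from this advisory or from urllib3): a caller-side check that accepts only RFC 7230 token characters in the method before the request line is built. The serializer functions, the host name and the tainted sample value are hypothetical and constructed for illustration.

```python
import re

# RFC 7230 section 3.2.6: a method is a "token"; any other character is rejected.
_NON_TOKEN_RE = re.compile(r"[^!#$%&'*+\-.^_`|~0-9A-Za-z]")


def validate_method(method):
    """Return method unchanged if it is a valid HTTP token, else raise ValueError."""
    if not isinstance(method, str) or not method:
        raise ValueError("HTTP method must be a non-empty string")
    bad = _NON_TOKEN_RE.search(method)
    if bad:
        raise ValueError("HTTP method has non-token character %r at offset %d"
                         % (bad.group(), bad.start()))
    return method


def build_request_head(method, target, host):
    """Hypothetical naive serializer: writes the method to the wire unchecked."""
    return "%s %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (method, target, host)


def safe_request_head(method, target, host):
    """Same serializer, but the method is validated first."""
    return build_request_head(validate_method(method), target, host)


def head_lines(head):
    """Lines a receiving server would parse before the blank line."""
    return head.split("\r\n\r\n", 1)[0].split("\r\n")


# Constructed sample input: a method value carrying a CRLF sequence.
TAINTED_METHOD = "GET\r\nX-Constructed: 1"

if __name__ == "__main__":
    print(head_lines(build_request_head("GET", "/", "example.test")))
    print(head_lines(build_request_head(TAINTED_METHOD, "/", "example.test")))
    try:
        safe_request_head(TAINTED_METHOD, "/", "example.test")
    except ValueError as exc:
        print("rejected:", exc)
```

Applications that pass user-influenced values as the HTTP method can apply a check like this regardless of the installed library version.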


Affected Packages:

python-urllib3


Note:

This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update python-urllib3 to update your system.

New Packages:
noarch:
    python-urllib3-1.25.9-1.amzn2.0.1.noarch

src:
    python-urllib3-1.25.9-1.amzn2.0.1.src