ALAS-2019-1236

Amazon Linux 1 Security Advisory: ALAS-2019-1236
Advisory Release Date: 2019-07-17 23:24 Pacific
Advisory Updated Date: 2019-07-25 18:36 Pacific

Severity: Medium

References: CVE-2019-11236
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236)

Affected Packages:

python-urllib3

Issue Correction:
Run yum update python-urllib3 to update your system.

New Packages:

noarch:
    python27-urllib3-1.24.3-1.8.amzn1.noarch

src:
    python-urllib3-1.24.3-1.8.amzn1.src

Additional References

Red Hat: CVE-2019-11236

Mitre: CVE-2019-11236