ALAS-2019-1236


Amazon Linux AMI Security Advisory: ALAS-2019-1236
Advisory Release Date: 2019-07-25 18:36 Pacific
Severity: Medium
References: CVE-2019-11236 

Issue Overview:

In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236 )


Affected Packages:

python-urllib3


Issue Correction:
Run yum update python-urllib3 to update your system.

New Packages:
noarch:
    python27-urllib3-1.24.3-1.8.amzn1.noarch

src:
    python-urllib3-1.24.3-1.8.amzn1.src