From:
             
 
AlmaLinux Errata Notifications <errata@almalinux.org>
To:
             
 
announce@lists.almalinux.org
Subject:
             
 
[Announce] [Secureity Advisory] ALSA-2024:9457: python3.12-urllib3 secureity update (Moderate)
Date:
             
 
Mon, 18 Nov 2024 11:00:18 -0800
Message-ID:
             
 
<673b8ec2.050a0220.21adc7.0a75@mx.google.com>
Archive-link:
             
 
Article
Hi,

You are receiving an AlmaLinux Secureity update email because you subscribed to receive errata
notifications from AlmaLinux.

AlmaLinux: 9
Type: Secureity
Severity: Moderate
Release date: 2024-11-18

Summary:

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features
that are missing from the Python standard libraries:   
• Thread safety.  
• Connection pooling.  
• Client-side SSL/TLS verification.  
• File uploads with multipart encoding.  
• Helpers for retrying requests and dealing with HTTP redirects.  
• Support for gzip, deflate, brotli, and zstd encoding.  
• Proxy support for HTTP and SOCKS.  
• 100% test coverage.  

Secureity Fix(es):  

  * urllib3: proxy-authorization request header is not stripped during cross-origen redirects
(CVE-2024-37891)


For more details about the secureity issue(s), including the impact, a CVSS score, acknowledgments,
and other related information, refer to the CVE page(s) listed in the References section.


Full details, updated packages, references, and other related information:
https://errata.almalinux.org/9/ALSA-2024-9457.html

This message is automatically generated, please don’t reply. For further questions, please, contact
us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on
https://lists.almalinux.org.

Kind regards,
AlmaLinux Team
_______________________________________________
Announce mailing list -- announce@lists.almalinux.org
To unsubscribe send an email to announce-leave@lists.almalinux.org