Main Vulnerability Database SB2019110532

SB2019110532 - Fedora EPEL 7 update for python3-requests, python3-urllib3

Published: November 5, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019110532

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Certificate Validation (CVE-ID: CVE-2019-11324)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the urllib3 library for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates. A remote attacker can cause the certificates to be considered trusted contrary to expectations. This is related to use of the "ssl_context", "ca_certs" or "ca_certs_dir" argument.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-2d77bb9597

SB2019110532 - Fedora EPEL 7 update for python3-requests, python3-urllib3

Breakdown by Severity

Description

Remediation

References

Please verify you're human