USN-6155-2: Requests vulnerability
15 June 2023
Requests could be made to expose sensitive information over the network.
Releases
Packages
- requests - elegant and simple HTTP library for Python
Details
USN-6155-1 fixed a vulnerability in Requests. This update provides
the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM.
Original advisory details:
Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly
leaked Proxy-Authorization headers. A remote attacker could possibly use
this issue to obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
python3-requests
-
2.18.4-2ubuntu0.1+esm1
Available with Ubuntu Pro
-
python-requests
-
2.18.4-2ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
python3-requests
-
2.9.1-3ubuntu0.1+esm1
Available with Ubuntu Pro
-
python-requests
-
2.9.1-3ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6155-1: requests, python-requests-doc, python3-requests