Amazon Linux 1 (EOL) Security Advisory: ALAS-2019-1236
Advisory Released Date: 2019-07-17
Advisory Updated Date: 2019-07-25
Severity:
Medium
Issue Overview:
In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236)
Affected Packages:
python-urllib3
Issue Correction:
Run yum update python-urllib3 to update your system.
New Packages:
noarch:
python27-urllib3-1.24.3-1.8.amzn1.noarch
src:
python-urllib3-1.24.3-1.8.amzn1.src