python36-kubernetes-12.0.1-1.8 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11234-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python36-kubernetes-12.0.1-1.8 on GA media These are all security issues fixed in the python36-kubernetes-12.0.1-1.8 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11234 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-20060/ SUSE CVE CVE-2018-20060 page https://www.suse.com/security/cve/CVE-2019-11324/ SUSE CVE CVE-2019-11324 page openSUSE Tumbleweed python36-kubernetes-12.0.1-1.8 python38-kubernetes-12.0.1-1.8 python39-kubernetes-12.0.1-1.8 python36-kubernetes-12.0.1-1.8 as a component of openSUSE Tumbleweed python38-kubernetes-12.0.1-1.8 as a component of openSUSE Tumbleweed python39-kubernetes-12.0.1-1.8 as a component of openSUSE Tumbleweed urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. CVE-2018-20060 openSUSE Tumbleweed:python36-kubernetes-12.0.1-1.8 openSUSE Tumbleweed:python38-kubernetes-12.0.1-1.8 openSUSE Tumbleweed:python39-kubernetes-12.0.1-1.8 low 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20060.html CVE-2018-20060 https://bugzilla.suse.com/1119376 SUSE Bug 1119376 https://bugzilla.suse.com/1216275 SUSE Bug 1216275 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. CVE-2019-11324 openSUSE Tumbleweed:python36-kubernetes-12.0.1-1.8 openSUSE Tumbleweed:python38-kubernetes-12.0.1-1.8 openSUSE Tumbleweed:python39-kubernetes-12.0.1-1.8 low 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11324.html CVE-2019-11324 https://bugzilla.suse.com/1132900 SUSE Bug 1132900