Security update for python-requests SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2068-1 Final 1 1 2024-06-18T11:16:52Z current 2024-06-18T11:16:52Z 2024-06-18T11:16:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-requests This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2024-2068,Image SLES12-SP5-Azure-HPC-BYOS-2024-2068,Image SLES12-SP5-Azure-SAP-BYOS-2024-2068,Image SLES12-SP5-Azure-SAP-On-Demand-2024-2068,Image SLES12-SP5-EC2-BYOS-2024-2068,Image SLES12-SP5-EC2-ECS-On-Demand-2024-2068,Image SLES12-SP5-EC2-On-Demand-2024-2068,Image SLES12-SP5-EC2-SAP-BYOS-2024-2068,Image SLES12-SP5-EC2-SAP-On-Demand-2024-2068,Image SLES12-SP5-GCE-BYOS-2024-2068,Image SLES12-SP5-GCE-SAP-BYOS-2024-2068,Image SLES12-SP5-GCE-SAP-On-Demand-2024-2068,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-2068,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-2068,SUSE-2024-2068,SUSE-SLE-HA-12-SP5-2024-2068,SUSE-SLE-Module-Public-Cloud-12-2024-2068,SUSE-SLE-SERVER-12-SP5-2024-2068 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242068-1/ Link for SUSE-SU-2024:2068-1 https://lists.suse.com/pipermail/sle-security-updates/2024-June/018734.html E-Mail link for SUSE-SU-2024:2068-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224788 SUSE Bug 1224788 https://www.suse.com/security/cve/CVE-2024-35195/ SUSE CVE CVE-2024-35195 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 python-requests-2.24.0-8.17.1 python3-requests-2.24.0-8.17.1 python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-Azure-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-EC2-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-EC2-On-Demand python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-GCE-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production python-requests-2.24.0-8.17.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production python-requests-2.24.0-8.17.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 python-requests-2.24.0-8.17.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python3-requests-2.24.0-8.17.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python-requests-2.24.0-8.17.1 as a component of SUSE Linux Enterprise Server 12 SP5 python-requests-2.24.0-8.17.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. CVE-2024-35195 Image SLES12-SP5-Azure-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-Azure-HPC-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-Azure-SAP-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-Azure-SAP-On-Demand:python-requests-2.24.0-8.17.1 Image SLES12-SP5-EC2-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-EC2-ECS-On-Demand:python-requests-2.24.0-8.17.1 Image SLES12-SP5-EC2-On-Demand:python-requests-2.24.0-8.17.1 Image SLES12-SP5-EC2-SAP-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-EC2-SAP-On-Demand:python-requests-2.24.0-8.17.1 Image SLES12-SP5-GCE-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-GCE-SAP-BYOS:python-requests-2.24.0-8.17.1 Image SLES12-SP5-GCE-SAP-On-Demand:python-requests-2.24.0-8.17.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-requests-2.24.0-8.17.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-requests-2.24.0-8.17.1 SUSE Linux Enterprise High Availability Extension 12 SP5:python-requests-2.24.0-8.17.1 SUSE Linux Enterprise Module for Public Cloud 12:python-requests-2.24.0-8.17.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-requests-2.24.0-8.17.1 SUSE Linux Enterprise Server 12 SP5:python-requests-2.24.0-8.17.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-requests-2.24.0-8.17.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242068-1/ https://www.suse.com/security/cve/CVE-2024-35195.html CVE-2024-35195 https://bugzilla.suse.com/1224788 SUSE Bug 1224788