Recommended update for python-requestsSUSE Patchsecurity@suse.deSUSE Security TeamSUSE-RU-2024:3598-1Final112024-10-11T08:42:22Zcurrent2024-10-11T08:42:22Z2024-10-11T08:42:22Zcve-database/bin/generate-cvrf.pl2017-02-24T01:00:00ZRecommended update for python-requestsThis update for python-requests fixes the following issue: - Update CVE-2024-35195.patch to allow the usage of 'verify' parameter as a directory (bsc#1225912) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).Image SLES12-SP5-Azure-BYOS-2024-3598,Image SLES12-SP5-Azure-HPC-BYOS-2024-3598,Image SLES12-SP5-Azure-SAP-BYOS-2024-3598,Image SLES12-SP5-Azure-SAP-On-Demand-2024-3598,Image SLES12-SP5-EC2-BYOS-2024-3598,Image SLES12-SP5-EC2-ECS-On-Demand-2024-3598,Image SLES12-SP5-EC2-On-Demand-2024-3598,Image SLES12-SP5-EC2-SAP-BYOS-2024-3598,Image SLES12-SP5-EC2-SAP-On-Demand-2024-3598,Image SLES12-SP5-GCE-BYOS-2024-3598,Image SLES12-SP5-GCE-SAP-BYOS-2024-3598,Image SLES12-SP5-GCE-SAP-On-Demand-2024-3598,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-3598,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-3598,SUSE-2024-3598,SUSE-SLE-HA-12-SP5-2024-3598,SUSE-SLE-Module-Public-Cloud-12-2024-3598,SUSE-SLE-SERVER-12-SP5-2024-3598Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)https://www.suse.com/support/update/announcement/-2024-3598/suse-ru-20243598-1/Link for SUSE-RU-2024:3598-1https://lists.suse.com/pipermail/sle-updates/2024-October/037216.htmlE-Mail link for SUSE-RU-2024:3598-1https://www.suse.com/support/security/rating/SUSE Security Ratingshttps://bugzilla.suse.com/1225912SUSE Bug 1225912https://www.suse.com/security/cve/CVE-2024-35195/SUSE CVE CVE-2024-35195 pageImage SLES12-SP5-Azure-BYOSImage SLES12-SP5-Azure-HPC-BYOSImage SLES12-SP5-Azure-SAP-BYOSImage SLES12-SP5-Azure-SAP-On-DemandImage SLES12-SP5-EC2-BYOSImage SLES12-SP5-EC2-ECS-On-DemandImage SLES12-SP5-EC2-On-DemandImage SLES12-SP5-EC2-SAP-BYOSImage SLES12-SP5-EC2-SAP-On-DemandImage SLES12-SP5-GCE-BYOSImage SLES12-SP5-GCE-SAP-BYOSImage SLES12-SP5-GCE-SAP-On-DemandImage SLES12-SP5-SAP-Azure-LI-BYOS-ProductionImage SLES12-SP5-SAP-Azure-VLI-BYOS-ProductionSUSE Linux Enterprise High Availability Extension 12 SP5SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP5python-requests-2.24.0-8.20.1python3-requests-2.24.0-8.20.1python-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-Azure-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-Azure-HPC-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-Azure-SAP-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demandpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-EC2-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demandpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-EC2-On-Demandpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-EC2-SAP-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demandpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-GCE-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-GCE-SAP-BYOSpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demandpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Productionpython-requests-2.24.0-8.20.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Productionpython-requests-2.24.0-8.20.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5python-requests-2.24.0-8.20.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12python3-requests-2.24.0-8.20.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12python-requests-2.24.0-8.20.1 as a component of SUSE Linux Enterprise Server 12 SP5python-requests-2.24.0-8.20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.CVE-2024-35195Image SLES12-SP5-Azure-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-Azure-HPC-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-Azure-SAP-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-Azure-SAP-On-Demand:python-requests-2.24.0-8.20.1Image SLES12-SP5-EC2-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-EC2-ECS-On-Demand:python-requests-2.24.0-8.20.1Image SLES12-SP5-EC2-On-Demand:python-requests-2.24.0-8.20.1Image SLES12-SP5-EC2-SAP-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-EC2-SAP-On-Demand:python-requests-2.24.0-8.20.1Image SLES12-SP5-GCE-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-GCE-SAP-BYOS:python-requests-2.24.0-8.20.1Image SLES12-SP5-GCE-SAP-On-Demand:python-requests-2.24.0-8.20.1Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:python-requests-2.24.0-8.20.1Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:python-requests-2.24.0-8.20.1SUSE Linux Enterprise High Availability Extension 12 SP5:python-requests-2.24.0-8.20.1SUSE Linux Enterprise Module for Public Cloud 12:python-requests-2.24.0-8.20.1SUSE Linux Enterprise Module for Public Cloud 12:python3-requests-2.24.0-8.20.1SUSE Linux Enterprise Server 12 SP5:python-requests-2.24.0-8.20.1SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-requests-2.24.0-8.20.1moderateTo install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2024-3598/suse-ru-20243598-1/https://www.suse.com/security/cve/CVE-2024-35195.htmlCVE-2024-35195https://bugzilla.suse.com/1224788SUSE Bug 1224788