Synopsis: Moderate: python-urllib3 security update Advisory ID: SLSA-2019:2272-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-20060 CVE-2019-11236 -- Security Fix(es): * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) -- SL7 x86_64 python-urllib3-1.10.2-7.el7.noarch.rpm noarch python-urllib3-1.10.2-7.el7.noarch.rpm - Scientific Linux Development Team