CVE-2023-45803

Advisory

Py-pure-client 2.29 and prior versions ship with vulnerable dependencies (urllib3 >= 1.26.17).

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Kerberos security options for NFS v4.1 in FA File now supported: "krb5", "krb5i", "krb5p"

Endpoints enhancements
- For the Directory Service Role endpoint the role attribute is now a ReferenceNoId type (previously was a FixedReferenceNoId).
- Continuation token support for:
- get_volume_snapshots_transfer
- get_protection_group_snapshot_transfer
- CBS Capacity Expansion endpoints now publicly available to users for both PAZ and PAWS
- listing supported capacity values
- setting desired capacity
- getting the status of capacity update
- Expand GET /software-patches with fields:
- ha_reduction_required
- Expand POST /software-patches with fields:
- allow_ha_reduction

Client enhancements
- Dynamic import of versioned clients
- Updated urllib3 >= 1.26.17
- Removed upper limit for python-dateutil

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
• https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
• https://www.rfc-editor.org/rfc/rfc9110.html#name-get
• https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/