Fedora 41: 2025-2fd25cfb83 critical: python-h11 malformed requests
fedora
May 11, 2025
Backport upstream fix for CVE-2025-43859
Summary
This is a little HTTP/1.1 library written from scratch in Python, heavily
inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO
code whatsoever. This means you can hook h11 up to your favorite network API,
and that could be anything you want: synchronous, threaded, asynchronous, or
your own implementation of RFC 6214 -- h11 will not judge you. This also means
that h11 is not immediately useful out of the box: it is a toolkit for building
programs that speak HTTP, not something that could directly replace requests or
twisted.web or whatever. But h11 makes it much easier to implement something
like requests or twisted.web.
Update Information:
Backport upstream fix for CVE-2025-43859
Change Log
* Fri May 2 2025 Robby Callicotte
References
[ 1 ] Bug #2362286 - CVE-2025-43859 python-h11: h11 accepts some malformed Chunked-Encoding bodies [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2362286
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2fd25cfb83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: python-h11
Product: Fedora 41
Version: 0.14.0
Release: 7.fc41
Summary: A pure-Python, bring-your-own-I/O implementation of HTTP/1.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!