Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Fedora 42: Critical Advisory on python-requests .netrc Credentials Leak

fedora
Calendar Grey July 12, 2025
Dist Fedora Esm H88
Urgent security notice regarding python-requests in Fedora 42 updates concerning .netrc credential exposure flaw.

Update to 2.32.4 Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs

Summary

Most existing Python modules for sending HTTP requests are extremely verbose and

cumbersome. Python\u2019s built-in urllib2 module provides most of the HTTP

capabilities you should need, but the API is thoroughly broken. This library is

designed to make HTTP requests easy for developers.

Update Information:

Update to 2.32.4 Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs

Change Log

* Mon Jul 7 2025 Miro Hron\u010dok - 2.32.4-1 - Update to 2.32.4 - Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs * Wed Jun 4 2025 Python Maint - 2.32.3-14 - Rebuilt for Python 3.14 * Tue Jun 3 2025 Python Maint - 2.32.3-13 - Bootstrap for Python 3.14 * Tue Apr 15 2025 Benjamin A. Beasley - 2.32.3-5 - Backport test-cert. fixes for urllib3 2.4.0 compatibility

References


[ 1 ] Bug #2371255 - python-requests-2.32.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2371255 [ 2 ] Bug #2375886 - CVE-2024-47081 python-requests: Requests vulnerable to .netrc credentials leak via malicious URLs [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375886

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-87207b946a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-requests
Product: Fedora 42
Version: 2.32.4
Release: 1.fc42
Summary: HTTP library, written in Python, for human beings

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here