Alerts This Week
Warning Icon 1 929
Alerts This Week
Warning Icon 1 929

Fedora 43 python-requests Significant Patch CVE-2026-25645

fedora
Calendar Grey May 24, 2026
Dist Fedora Esm H88
Python-requests update addresses important bugfixes and security concerns with CVE-2026-25645. Read for details.
2.33.1 (2026-03-30) Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory

Summary

Most existing Python modules for sending HTTP requests are extremely verbose and

cumbersome. Python\u2019s built-in urllib2 module provides most of the HTTP

capabilities you should need, but the API is thoroughly broken. This library is

designed to make HTTP requests easy for developers.

Update Information:

2.33.1 (2026-03-30) Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values. - Improved error consistency for malformed header values. 2.33.0 (2026-03-25) Announcements - \U0001f4e3 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. \U0001f4e3 Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. Improvements - Migrated to a PEP 517 build system using setuptools. Bugfixes - Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. Deprecations - Dropped support for Pyt...

Topics%20covered

Topics Covered

security advisory fedora important bugfix python-requests malformed headers

Change Log

* Tue Mar 31 2026 Lumir Balhar - 2.33.1-1 - Update to 2.33.1 (rhbz#2451396) * Tue Mar 10 2026 Benjamin A. Beasley - 2.32.5-5 - Package the use_chardet_on_py3 extra * Tue Mar 10 2026 Benjamin A. Beasley - 2.32.5-4 - Increase chardet upper limit to 7 * Sat Jan 17 2026 Fedora Release Engineering - 2.32.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2467989 - python3-requests package lacks fix for CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2467989

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8ad863685a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: python-requests
Product: Fedora 43
Version: 2.33.1
Release: 1.fc43
URL: https://pypi.io/project/requests
Summary: HTTP library, written in Python, for human beings

Topics%20covered

Topics Covered

security advisory fedora important bugfix python-requests malformed headers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here