# Security update for python-h11, python-httpcore

Announcement ID: SUSE-SU-2025:20330-1
Release Date: May 20, 2025, 8:39 a.m.
Rating: critical
References:
* bsc#1241872
Cross-References:
* CVE-2025-43859
CVSS scores:
* CVE-2025-43859 (SUSE): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-43859 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-43859 (NVD): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for python-h11, python-httpcore fixes the following issues:

python-h11:

- Update to 0.16.0:
  * CVE-2025-43859: Fixed accepting of malformed Chunked-Encoding bodies (bsc#1241872)
- 0.15.0:
  * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early, without attempting to parse the integer (#181)

python-httpcore:

- CVE-2025-43859: Fixed accepting of malformed Chunked-Encoding bodies (bsc#1241872)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-114=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * python311-h11-0.16.0-slfo.1.1_1.1
  * python311-httpcore-0.16.3-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-43859.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241872

Severity: Critical. LinuxSecurity.com Team
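The two changelog entries above each describe a receiver-side framing check in a single line: refuse malformed Chunked-Encoding bodies rather than guessing at their boundaries, and refuse a Content-Length of one zettabyte or more before any integer is parsed. The following is an added example written for this page, not code from h11, httpcore or SUSE; the 16-hex-digit chunk-size cap, the 21-digit Content-Length cap, and the decision to reject chunk extensions and trailer fields outright are this example's own assumptions, not behaviour taken from h11.

```python
"""Strict HTTP/1.1 body framing on the receiving side.

Added example, not code from h11, httpcore or SUSE. It shows the two checks
the changelog above names in one line each: refuse malformed Chunked-Encoding
bodies instead of guessing at them, and refuse a Content-Length of one
zettabyte or more by digit count, before any integer is parsed. The limits
and the decision to reject chunk extensions and trailers are this example's
own choices (assumptions), not behaviour taken from h11.
"""
import re

# chunk-size is 1*HEXDIG. This example caps it at 16 hex digits and rejects
# chunk extensions (";name=value") outright; a production parser may accept
# and ignore extensions, but it must still require CRLF after them.
_CHUNK_SIZE_LINE = re.compile(rb"^[0-9A-Fa-f]{1,16}$")

# 1 zettabyte = 10**21 bytes = a 22-digit decimal number. Any value with
# 22 or more digits is therefore >= 1 ZB, so the size test is a length test.
_MAX_CONTENT_LENGTH_DIGITS = 21


class FramingError(ValueError):
    """The body cannot be framed unambiguously; the connection must be dropped."""


def check_content_length(value: bytes) -> int:
    """Validate a raw Content-Length header value and return it as an int.

    Non-digit input and 22-or-more-digit values are rejected before int()
    is ever called, mirroring the 0.15.0 change noted in the changelog.
    """
    if not value.isdigit():                      # bytes.isdigit(): ASCII digits only, False for b""
        raise FramingError("Content-Length is not a decimal integer")
    if len(value) > _MAX_CONTENT_LENGTH_DIGITS:  # >= 1 zettabyte (leading zeros are rejected too)
        raise FramingError("Content-Length >= 1 zettabyte rejected without parsing")
    return int(value)


def decode_chunked(body: bytes) -> bytes:
    """Decode a complete chunked body, raising FramingError on any deviation.

    Each chunk-size line must be bare hex ending in CRLF, each chunk's data
    must be followed by exactly CRLF, and the zero-size last-chunk must be
    followed by CRLF with nothing after it (trailer fields are rejected).
    A lenient decoder that accepts other two-byte terminators can disagree
    with a proxy about where one message ends and the next begins.
    """
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            raise FramingError("chunk-size line not terminated by CRLF")
        size_line = body[pos:eol]
        if not _CHUNK_SIZE_LINE.match(size_line):
            raise FramingError(f"malformed chunk-size line: {size_line!r}")
        size = int(size_line, 16)
        pos = eol + 2
        if size == 0:
            break
        end = pos + size
        if len(body) < end + 2:
            raise FramingError("chunk data truncated")
        if body[end:end + 2] != b"\r\n":          # the strict check: exactly CRLF, not "any two bytes"
            raise FramingError("chunk data not followed by CRLF")
        out += body[pos:end]
        pos = end + 2
    if body[pos:] != b"\r\n":                     # last-chunk must end the message
        raise FramingError("missing or extra bytes after last-chunk")
    return bytes(out)


def is_rejected(fn, value: bytes) -> bool:
    """True if fn(value) raises FramingError; used to tabulate the samples below."""
    try:
        fn(value)
    except FramingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed samples (not captured traffic).
    samples = {
        "well-formed":            b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n",
        "bad chunk terminator":   b"4\r\nWikiXX5\r\npedia\r\n0\r\n\r\n",
        "bytes after last-chunk": b"0\r\n\r\nGET / HTTP/1.1\r\n",
        "chunk extension":        b"4;foo=bar\r\nWiki\r\n0\r\n\r\n",
    }
    for name, raw in samples.items():
        print(f"{name:24s} rejected={is_rejected(decode_chunked, raw)}")
    print("21-digit Content-Length ok:", check_content_length(b"9" * 21))
    print("22-digit Content-Length rejected:", is_rejected(check_content_length, b"1" * 22))
```

Every rejection raises rather than returning a best guess, because the only safe response to ambiguous framing on a shared connection is to stop reading from it; the digit-count test on Content-Length is deliberately done on the raw bytes so that no arbitrary-precision parse happens before the value has been bounded.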
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d1fffcc084
2025-05-11 01:15:12.231715+00:00
--------------------------------------------------------------------------------
Name        : python-h11
Product     : Fedora 42
Version     : 0.14.0
Release     : 7.fc42
URL         : https://github.com/python-hyper/h11
Summary     : A pure-Python, bring-your-own-I/O implementation of HTTP/1.1
Description :
This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded, asynchronous, or your own implementation of RFC 6214 -- h11 will not judge you. This also means that h11 is not immediately useful out of the box: it is a toolkit for building programs that speak HTTP, not something that could directly replace requests or twisted.web or whatever. But h11 makes it much easier to implement something like requests or twisted.web.
--------------------------------------------------------------------------------
Update Information:

Backport upstream fix for CVE-2025-43859
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 2 2025 Robby Callicotte - 0.14.0-7
- Backport upstream fix for CVE-2025-43859
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2362287 - CVE-2025-43859 python-h11: h11 accepts some malformed Chunked-Encoding bodies [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2362287
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade --advisory FEDORA-2025-d1fffcc084'

at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated secureweb packages fix chunked encoding issue
Advisory ID:       RHSA-2002:117-11
Issue date:        2002-06-18
Updated on:        2002-06-26
Product:           Red Hat Secure Web Server
Keywords:          apache chunked encoding DoS
Cross references:  RHSA-2002:103
Obsoletes:         RHSA-2002:042
CVE Names:         CAN-2002-0392
---------------------------------------------------------------------

1. Topic:

The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution.

Red Hat Secure Web server is based on the Apache Web server and the secureweb package has been updated to fix this denial of service vulnerability.

2. Relevant releases/architectures:

Red Hat Secure Web Server 3.2 - i386

3. Problem description:

Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests that are processed with "chunked" encoding. A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue.

Our investigations show that this bug cannot be used to gain remote access to a server running Red Hat Secure Web Server but it does cause the child process to die. The Apache parent process will notice this and start a new child process when necessary -- using slightly more resources than normal.

All users of Secure Web Server should update to these errata packages to correct this security issue.
NOTE: Pay special attention to the installation instructions in the "Solution" section below as they differ from standard upgrade instructions.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Some of these files are distributed in rhmask format and may only be used by individuals who have purchased Red Hat Linux 6.2 Professional. To produce installable RPM files from the rhmask files, retrieve the rhmask files via ftp and type the following command:

rhmask secureweb-3.2-12.i386.rpm secureweb-3.2.5-1.i386.rpm.rhmask

The original RPM is located only on your Secure Web Server CD, and cannot be obtained via the Internet.

Note: If you do not have the original RPM located in the same directory as the rhmask file, you will need to prefix the name of the RPM with the full path name to its location (for example, on your installation CD).

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

5. Bug IDs fixed (for more info):

6. RPMs required:

Red Hat Secure Web Server 3.2:

SRPMS:

i386:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
20dae29b7188c307cd495ee7509ff231 other_prod/secureweb/3.2/SRPMS/secureweb-3.2.6-1.nosrc.rpm
0ab5997be631fdee7d000b6d6767ed0d other_prod/secureweb/3.2/i386/secureweb-3.2.6-1.i386.rpm.rhmask
eb4d09fb8452f62d02e443bdaea0bbd9 other_prod/secureweb/3.2/i386/secureweb-devel-3.2.6-1.i386.rpm
0ebbcd3faadd569717fb85caf5b18320 other_prod/secureweb/3.2/i386/secureweb-manual-3.2.6-1.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.
Our key is available at:

You can verify each package with the following command:

rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg <filename>

8. References:

Apache Week. Security issue forces release of 1.3.26, 2.0.39
CVE - CVE-2002-0392

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Stronghold: Chunked encoding vulnerability in Apache
Advisory ID:       RHSA-2002:118-06
Issue date:        2002-06-20
Updated on:        2002-06-20
Product:           Stronghold Cross Platform
Keywords:          apache chunked encoding DoS
Cross references:
Obsoletes:
CVE Names:         CAN-2002-0392
---------------------------------------------------------------------

1. Topic:

The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution.

2. Relevant releases/architectures:

3. Problem description:

Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests encoded using "chunked" encoding. A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue.

Due to the nature of the overflow on 32-bit Unix platforms this will most likely cause a segmentation violation and the child will terminate. However on some 64-bit platforms and some 32-bit platforms it is likely that it is further exploitable. This could allow arbitrary code to be run on the server as the user the Apache children are set to run as.

All users of Stronghold are advised to patch or upgrade their servers.

4. Solution:

We have backported the security fix from the official Apache 1.3.26 release.
The patch and instructions on how to apply it are available from the Stronghold resource center at

Stronghold 3: Hat.com/sh3/errata-2002-118
Stronghold 4: Hat.com/sh4/errata-2002-118

Updated packages will also be made available shortly from the same URLs.

5. Bug IDs fixed (for more info):

6. RPMs required:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg <filename>

8. References:

Hat.com/sh3/errata-2002-118
Hat.com/sh4/errata-2002-118
CVE - CVE-2002-0392

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Severity: Critical. LinuxSecurity.com Team
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated Apache packages fix chunked encoding issue
Advisory ID:       RHSA-2002:103-13
Issue date:        2002-05-29
Updated on:        2002-06-19
Product:           Red Hat Linux
Keywords:          apache chunked encoding DoS
Cross references:  RHSA-2002:117
Obsoletes:         RHSA-2001:126
CVE Names:         CAN-2002-0392
---------------------------------------------------------------------

1. Topic:

The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests encoded using "chunked" encoding. A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue.

Our investigations show that this bug cannot be used to gain remote access to a server running Apache on Red Hat Linux on 32-bit platforms, but it does cause the child process to die. The Apache parent process will notice this and start a new child process when necessary -- using more resources than normal. Investigations by the Apache Software Foundation show that in some cases 64-bit platforms may have a greater exposure and could be remotely exploited to allow arbitrary code to be run on the server.
We have backported the security fix from the official Apache 1.3.26 release. This should help minimize the impact of upgrading to our errata packages.

All users of Apache should update to these errata packages to correct this security issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (for more info):

6. RPMs required:

Red Hat Linux 6.2:

SRPMS:

alpha:

i386:

sparc:

Red Hat Linux 7.0:

SRPMS:

alpha:

i386:

Red Hat Linux 7.1:

SRPMS:

alpha:

i386:

ia64:

Red Hat Linux 7.2:

SRPMS:

i386:

ia64:

Red Hat Linux 7.3:

SRPMS:

i386:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
c9cc91b855c94af3abe311195a04aade 6.2/en/os/SRPMS/apache-1.3.22-5.6.src.rpm
e399aa8737897f24d4623095a172f006 6.2/en/os/alpha/apache-1.3.22-5.6.alpha.rpm
8e9a722fded471509bc8931ae61d8129 6.2/en/os/alpha/apache-devel-1.3.22-5.6.alpha.rpm
88a016e02120651c31507e7b353ce70d 6.2/en/os/alpha/apache-manual-1.3.22-5.6.alpha.rpm
6d4c4572e78e896a3524e27b3a66f95c 6.2/en/os/i386/apache-1.3.22-5.6.i386.rpm
192b4845d74ea1c4ca322dd12cff6753 6.2/en/os/i386/apache-devel-1.3.22-5.6.i386.rpm
8c7c2dae4dbba20b9bc19627ca931c16 6.2/en/os/i386/apache-manual-1.3.22-5.6.i386.rpm
1a04dc5b42074c669dddf758889fdbc6 6.2/en/os/sparc/apache-1.3.22-5.6.sparc.rpm
e4b719011fc78631a7ef378c66ace855 6.2/en/os/sparc/apache-devel-1.3.22-5.6.sparc.rpm
cfe617f37ed9aab2365d67dca1f9fa52 6.2/en/os/sparc/apache-manual-1.3.22-5.6.sparc.rpm
b1add5144050db80c5b2bdce9d548b58 7.0/en/os/SRPMS/apache-1.3.22-5.7.1.src.rpm
ec7369dc5a84513635a5a98133be60be 7.0/en/os/alpha/apache-1.3.22-5.7.1.alpha.rpm
dbae5cade3259bbcf757868f1715eedb 7.0/en/os/alpha/apache-devel-1.3.22-5.7.1.alpha.rpm
2a55386b504652e054bb640e5d201f20 7.0/en/os/alpha/apache-manual-1.3.22-5.7.1.alpha.rpm
731785ece8addde5d9428b9015c57866 7.0/en/os/i386/apache-1.3.22-5.7.1.i386.rpm
1fd7cc20f207610b860d9311fddbfa09 7.0/en/os/i386/apache-devel-1.3.22-5.7.1.i386.rpm
2cadb7f177f0bb7269e6dd0a88578e4b 7.0/en/os/i386/apache-manual-1.3.22-5.7.1.i386.rpm
b1add5144050db80c5b2bdce9d548b58 7.1/en/os/SRPMS/apache-1.3.22-5.7.1.src.rpm
ec7369dc5a84513635a5a98133be60be 7.1/en/os/alpha/apache-1.3.22-5.7.1.alpha.rpm
dbae5cade3259bbcf757868f1715eedb 7.1/en/os/alpha/apache-devel-1.3.22-5.7.1.alpha.rpm
2a55386b504652e054bb640e5d201f20 7.1/en/os/alpha/apache-manual-1.3.22-5.7.1.alpha.rpm
731785ece8addde5d9428b9015c57866 7.1/en/os/i386/apache-1.3.22-5.7.1.i386.rpm
1fd7cc20f207610b860d9311fddbfa09 7.1/en/os/i386/apache-devel-1.3.22-5.7.1.i386.rpm
2cadb7f177f0bb7269e6dd0a88578e4b 7.1/en/os/i386/apache-manual-1.3.22-5.7.1.i386.rpm
b981535612f142e5a639653f0910aba7 7.1/en/os/ia64/apache-1.3.22-5.7.1.ia64.rpm
48e67955fa90dc3fca4a9fa54fab50f4 7.1/en/os/ia64/apache-devel-1.3.22-5.7.1.ia64.rpm
d7d617e218e24213b94a6c39414f2cc6 7.1/en/os/ia64/apache-manual-1.3.22-5.7.1.ia64.rpm
7f7dc17add4c51e87f575c9d92dbff93 7.2/en/os/SRPMS/apache-1.3.22-6.src.rpm
1f68721d45673d38ec8103e60f8b73f7 7.2/en/os/i386/apache-1.3.22-6.i386.rpm
c0c85594e3c818756922d227a111cbdc 7.2/en/os/i386/apache-devel-1.3.22-6.i386.rpm
c2fab1baaac50f2f7852ca452733c395 7.2/en/os/i386/apache-manual-1.3.22-6.i386.rpm
1efb1921007440d3593299ef2a0e6cb5 7.2/en/os/ia64/apache-1.3.22-6.ia64.rpm
f8f970bbc5c1fe493e7085e35c558b47 7.2/en/os/ia64/apache-devel-1.3.22-6.ia64.rpm
c838ac0248526139d2c706dd93e15f45 7.2/en/os/ia64/apache-manual-1.3.22-6.ia64.rpm
c591a36143a23a48706a88c1a031435f 7.3/en/os/SRPMS/apache-1.3.23-14.src.rpm
28471eb382a8495f3b89fb7d802659e1 7.3/en/os/i386/apache-1.3.23-14.i386.rpm
e4995ac4b722f3e53566e4dcd1b07692 7.3/en/os/i386/apache-devel-1.3.23-14.i386.rpm
be2830997ba9b1807d35985e6ab80caf 7.3/en/os/i386/apache-manual-1.3.23-14.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg <filename>

8. References:

Apache Week. Security issue forces release of 1.3.26, 2.0.39
CVE - CVE-2002-0392

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Severity: Critical. LinuxSecurity.com Team