==========================================================================
Ubuntu Security Notice USN-7568-1
June 16, 2025

requests vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Requests.

Software Description:
- requests: elegant and simple HTTP library for Python

Details:

Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly
handle certain HTTP headers. A remote attacker could possibly use this issue
to leak sensitive information. This issue only affected Ubuntu 14.04 LTS.
(CVE-2023-32681)

Juho Forsén discovered that Requests did not correctly parse URLs. A remote
attacker could possibly use this issue to leak sensitive information.
(CVE-2024-47081)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3-requests                2.32.3+dfsg-4ubuntu1.1

Ubuntu 24.10
  python3-requests                2.32.3+dfsg-1ubuntu1.1

Ubuntu 24.04 LTS
  python3-requests                2.31.0+dfsg-1ubuntu1.1

Ubuntu 22.04 LTS
  python3-requests                2.25.1+dfsg-2ubuntu0.3

Ubuntu 20.04 LTS
  python3-requests                2.22.0-2ubuntu1.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python-requests                 2.18.4-2ubuntu0.1+esm2
                                  Available with Ubuntu Pro
  python3-requests                2.18.4-2ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-requests                 2.9.1-3ubuntu0.1+esm2
                                  Available with Ubuntu Pro
  python3-requests                2.9.1-3ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  python-requests                 2.2.1-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro
  python-requests-whl             2.2.1-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro
  python3-requests                2.2.1-1ubuntu0.4+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7568-1
  CVE-2023-32681, CVE-2024-47081

Package Information:
  https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/requests/2.31.0+dfsg-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.3

Multiple vulnerabilities addressed in Requests for Ubuntu, listing the impacted versions along with the respective patches.
Severity: Critical. LinuxSecurity.com Team
# Security update for squid

Announcement ID: SUSE-SU-2023:4381-1
Rating: important
References:

* bsc#1216495
* bsc#1216498
* bsc#1216500
* bsc#1216803

Cross-References:

* CVE-2023-46724
* CVE-2023-46846
* CVE-2023-46847
* CVE-2023-46848

CVSS scores:

* CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
* CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
* CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for squid fixes the following issues:

* CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500).
* CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495).
* CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803).
* CVE-2023-46848: Denial of Service in FTP (bsc#1216498).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4381=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * squid-debugsource-4.17-4.30.1
  * squid-debuginfo-4.17-4.30.1
  * squid-4.17-4.30.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * squid-debugsource-4.17-4.30.1
  * squid-debuginfo-4.17-4.30.1
  * squid-4.17-4.30.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * squid-debugsource-4.17-4.30.1
  * squid-debuginfo-4.17-4.30.1
  * squid-4.17-4.30.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46724.html
* https://www.suse.com/security/cve/CVE-2023-46846.html
* https://www.suse.com/security/cve/CVE-2023-46847.html
* https://www.suse.com/security/cve/CVE-2023-46848.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216495
* https://bugzilla.suse.com/show_bug.cgi?id=1216498
* https://bugzilla.suse.com/show_bug.cgi?id=1216500
* https://bugzilla.suse.com/show_bug.cgi?id=1216803

Important security patch for SUSE's squid addresses several vulnerabilities, including HTTP request/response smuggling and denial of service.
Severity: Important. LinuxSecurity.com Team
=====================================================================
Red Hat Security Advisory

Synopsis:          Important: Release of OpenShift Serverless Client kn 1.30.1 security update
Advisory ID:       RHSA-2023:5479-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5479
Issue date:        2023-10-05
CVE Names:         CVE-2023-4853
=====================================================================

1. Summary:

Red Hat OpenShift Serverless 1.30.1 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Serverless Client kn 1.30.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.30.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

This release includes security and bug fixes, and enhancements.

Security Fix(es):

* quarkus: HTTP security policy bypass (CVE-2023-4853)

For further information about CVE-2023-4853, see the Red Hat Security Bulletin linked to in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2238034 - CVE-2023-4853 quarkus: HTTP security policy bypass

6. Package List:

Openshift Serverless 1 on RHEL 8Base:

Source:
openshift-serverless-clients-1.9.2-3.el8.src.rpm

ppc64le:
openshift-serverless-clients-1.9.2-3.el8.ppc64le.rpm

s390x:
openshift-serverless-clients-1.9.2-3.el8.s390x.rpm

x86_64:
openshift-serverless-clients-1.9.2-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-4853
https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3079-1
-------------------------------------------------------------------------

Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver.

CVE-2022-2047
-------------------------------------------------------------------------
Debian Security Advisory DSA-5206-1
-------------------------------------------------------------------------

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or information disclosure.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2927-1
-------------------------------------------------------------------------

It was discovered that Twisted, a Python event-based framework for internet applications, is affected by HTTP request splitting vulnerabilities, and may expose sensitive data when following redirects. An attacker may bypass validation checks and retrieve .
openSUSE Security Update: Security update for nodejs8
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0195-1
Rating:             moderate
References:         #1180554
Cross-References:   CVE-2020-8287
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nodejs8 fixes the following issue:

- CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-195=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):

  nodejs8-8.17.0-lp152.3.8.1
  nodejs8-debuginfo-8.17.0-lp152.3.8.1
  nodejs8-debugsource-8.17.0-lp152.3.8.1
  nodejs8-devel-8.17.0-lp152.3.8.1
  npm8-8.17.0-lp152.3.8.1

- openSUSE Leap 15.2 (noarch):

  nodejs8-docs-8.17.0-lp152.3.8.1

References:

https://www.suse.com/security/cve/CVE-2020-8287.html
https://bugzilla.suse.com/1180554

LinuxSecurity.com Team
=========================================================================
Ubuntu Security Notice USN-4702-1
January 25, 2021

pound vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in pound.

Software Description:
- pound: reverse proxy, load balancer and HTTPS front-end for Web servers

Details:

It was discovered that Pound incorrectly handled certain HTTP requests.
A remote attacker could use this issue to retrieve some sensitive information.
(CVE-2016-10711, CVE-2018-21245)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  pound                           2.6-6.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4702-1
  CVE-2016-10711, CVE-2018-21245

Package Information:
  https://launchpad.net/ubuntu/+source/pound/2.6-6.1ubuntu0.1

Mitigation for vulnerabilities in the Pound reverse proxy affecting Ubuntu 16.04 LTS, reducing the risk of sensitive information being retrieved by a remote attacker.
Severity: Critical. LinuxSecurity.com Team