Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisoryfedoraimportantFedora 44 python-pulp-glue Important CVE-2026-25645 Malformed Header Fix
2.33.1 (2026-03-30) Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-44919b3d9f 2026-05-10 02:48:49.647116+00:00 -------------------------------------------------------------------------------- Name : python-pulp-glue Product : Fedora 44 Version : 0.37.0 Release : 5.fc44 URL : https://github.com/pulp/pulp-cli Summary : The version agnostic Pulp 3 client library in python Description : pulp-glue is a library to ease the programmatic communication with the Pulp3 API. It helps to abstract different resource types with so called contexts and allows to build or even provides complex workflows like chunked upload or waiting on tasks. It is built around an openapi3 parser to provide client side validation of http requests, while accounting for known quirks and incompatibilities between different Pulp server component versions. -------------------------------------------------------------------------------- Update Information: 2.33.1 (2026-03-30) Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values. - Improved error consistency for malformed header values. 2.33.0 (2026-03-25) Announcements - \U0001f4e3 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. \U0001f4e3 Security - CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly. Improvements - Migrated to a PEP 517 build system using setuptools. Bugfixes - Fixed anissue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. Deprecations - Dropped support for Python 3.9 following its end of support. Documentation - Various typo fixes and doc improvements. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2026 Lumir Balhar - 0.37.0-5 - Remove upper version bound on requests * Tue Feb 17 2026 Simone Caronni - 0.37.0-4 - Clean up .gitignore -------------------------------------------------------------------------------- References: [ 1 ] Bug #2467989 - python3-requests package lacks fix for CVE-2026-25645 https://bugzilla.redhat.com/show_bug.cgi?id=2467989 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-44919b3d9f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Stay secure with Fedora 44 Python Pulp Glue critical update addressing CVE-2026-25645 and improving bug fixes.. Fedora Update, Python Pulp Glue, Security Fix, CVE-2026-25645, Bug Fix. . Severity: Important. LinuxSecurity.com Team
May 10, 2026
•Important
Fedora
89
security advisorydenial of servicefedoraFedora 44 cpp-httplib Update 0.37.1 Denial of Service CVE-2026-31870
Update to 0.37.1 Fixes Denial of Service via malformed Content-Length header (CVE-2026-31870) Reenable 32b builds Update to 0.37.0 (rhbz#2441656). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2c2afa9f9e 2026-03-20 00:16:04.477762+00:00 -------------------------------------------------------------------------------- Name : cpp-httplib Product : Fedora 44 Version : 0.37.1 Release : 2.fc44 URL : https://github.com/yhirose/cpp-httplib Summary : A C++11 single-file header-only cross platform HTTP/HTTPS library Description : A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code! -------------------------------------------------------------------------------- Update Information: Update to 0.37.1 Fixes Denial of Service via malformed Content-Length header (CVE-2026-31870) Reenable 32b builds Update to 0.37.0 (rhbz#2441656) Fixes Denial of Service via crafted HTTP POST request (CVE-2026-29076, rhbz#2445663) Update to 0.35.0 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies (CVE-2026-28435, rhbz#2444638) Default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header (CVE-2026-28434, rhbz#2444636) https://github.com/yhirose/cpp-httplib/compare/v0.32.0...v0.37.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 11 2026 Petr Men\u0161k - 0.37.1-2 - Build for 32 bits again * Tue Mar 10 2026 Petr Men\u0161k - 0.37.1-1 - Update to 0.37.1 (rhbz#2445943) * Mon Mar 9 2026 Petr Men\u0161k - 0.37.0-1 - Update to 0.37.0 (rhbz#2441656) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2441656 - cpp-httplib-0.37.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2441656 [ 2 ] Bug #2444636 - CVE-2026-28434 cpp-httplib:default exception handler leaks e.what() to clients via EXCEPTION_WHAT response header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444636 [ 3 ] Bug #2444638 - CVE-2026-28435 cpp-httplib: payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2444638 [ 4 ] Bug #2445663 - CVE-2026-29076 cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2445663 [ 5 ] Bug #2445943 - cpp-httplib-0.37.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2445943 [ 6 ] Bug #2446926 - CVE-2026-31870 cpp-httplib: cpp-httplib: Denial of Service via malformed Content-Length header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2446926 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2c2afa9f9e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to cpp-httplib 0.37.1 for Fedora 44 addresses denial of service via malformed content-length header.. cpp-httplib Fedora update denial service security. . Severity: Important. LinuxSecurity.com Team
Mar 20, 2026
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!