Backport upstream fix for CVE-2025-43859.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2fd25cfb83
2025-05-11 02:30:35.179655+00:00
--------------------------------------------------------------------------------

Name        : python-h11
Product     : Fedora 41
Version     : 0.14.0
Release     : 7.fc41
URL         : https://github.com/python-hyper/h11
Summary     : A pure-Python, bring-your-own-I/O implementation of HTTP/1.1
Description :
This is a little HTTP/1.1 library written from scratch in Python, heavily
inspired by hyper-h2.

It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This
means you can hook h11 up to your favorite network API, and that could be
anything you want: synchronous, threaded, asynchronous, or your own
implementation of RFC 6214 -- h11 will not judge you. This also means that h11
is not immediately useful out of the box: it is a toolkit for building programs
that speak HTTP, not something that could directly replace requests or
twisted.web or whatever. But h11 makes it much easier to implement something
like requests or twisted.web.
--------------------------------------------------------------------------------
Update Information:

Backport upstream fix for CVE-2025-43859
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2025 Robby Callicotte - 0.14.0-7
- Backport upstream fix for CVE-2025-43859
* Sat Jan 18 2025 Fedora Release Engineering - 0.14.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2362286 - CVE-2025-43859 python-h11: h11 accepts some malformed Chunked-Encoding bodies [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2362286
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2fd25cfb83' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
MGASA-2020-0147 - Updated nghttp2 packages fix security vulnerability

Publication date: 01 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0147.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-18802

Malformed request header may cause route matchers or access controls to be
bypassed, resulting in escalation of privileges or information disclosure
(CVE-2019-18802).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26361
- http://lists.suse.com/pipermail/sle-security-updates/2020-March/006627.html
- https://www.cve.org/CVERecord?id=CVE-2019-18802

SRPMS:
- 7/core/nghttp2-1.38.0-1.2.mga7

Mageia Security Advisory MGASA-2020-0147 addresses a vulnerability in nghttp2
that arises from improperly formatted request headers, leading to potential
elevation of privileges.

Tags: nghttp2 Security Update, Mageia 7 Advisory, Malformed Request Header,
Privilege Escalation Risk
Severity: Critical
LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-04
- --------------------------------------------------------------------------

GLSA:        200312-04
package:     dev-util/cvs
summary:     Fix for malformed module request vulnerability in cvs
severity:    minimal
Gentoo bug:  35371
date:        2003-12-08
CVE:         CAN-2003-0977
exploit:     unknown
affected:    =1.11.10

DESCRIPTION:

Quote from :

"Stable CVS 1.11.10 has been released. Stable releases contain only bug fixes
from previous versions of CVS. This release fixes a security issue with no
known exploits that could cause previous versions of CVS to attempt to create
files and directories in the filesystem root. This release also fixes several
issues relevant to case insensitive filesystems and some other bugs. We
recommend this upgrade for all CVS clients and servers!"

SOLUTION:

All Gentoo Linux machines with cvs installed should be updated to use
cvs-1.11.10 or higher.

  emerge sync
  emerge -pv '>=dev-util/cvs-1.11.10'
  emerge '>=dev-util/cvs-1.11.10'
  emerge clean

// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/2BrHnt0v0zAqOHYRAt7HAJ9wVNUmbdvS5H4cyUMufSFLsAuhOACfRGWr
SuM+gRSKU69MybE6PRtYSrg=
=SQFw
-----END PGP SIGNATURE-----

Tags: Gentoo Security, CVS Update, Software Maintenance, Security Issues,
Minor Fix
LinuxSecurity.com Team