--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-e76feaf213
2026-04-01 00:56:24.864633+00:00
--------------------------------------------------------------------------------

Name        : cpp-httplib
Product     : Fedora 43
Version     : 0.38.0
Release     : 1.fc43
URL         : https://github.com/yhirose/cpp-httplib
Summary     : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!

--------------------------------------------------------------------------------
Update Information:

Update to 0.38.0 (rhbz#2447261)

- Filename sanitization for path traversal prevention: Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)
- Symlink protection in static file server: Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)
- Brotli compression support: Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)
- Accept-Encoding quality parameter parsing: The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
- SSL proxy connection support: SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)
- WebSocket ping interval runtime configuration: WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)
- Benchmark test suite: Added benchmark tests and configurations for performance evaluation (ba0d0b8)
- Unicode path component decoding tests: Added test coverage for Unicode characters in decode_path_component (43a54a3)
- Documentation updates: Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)
- Fix port conflict in test: Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)
- Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)
- Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 17 2026 Petr Menšík - 0.38.0-1
- Update to 0.38.0 (rhbz#2447261)
* Tue Mar 17 2026 Petr Menšík - 0.37.2-1
- Update to 0.37.2
- Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2447261 - cpp-httplib-0.38.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2447261
  [ 2 ] Bug #2448105 - CVE-2026-32627 cpp-httplib: silent TLS certificate verification bypass on HTTPS Redirect via proxy [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2448105

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-e76feaf213' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

This advisory updates cpp-httplib in Fedora 43, addressing path traversal risks and enhancing security measures.

Severity: Important

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5f04326f4f
2025-01-17 01:35:26.873127+00:00
--------------------------------------------------------------------------------

Name        : mingw-python-jinja2
Product     : Fedora 40
Version     : 3.1.5
Release     : 1.fc40
URL         : https://palletsprojects.com/projects/jinja/
Summary     : MinGW Windows Python jinja2 library
Description :
MinGW Windows Python jinja2 library.

--------------------------------------------------------------------------------
Update Information:

Update to jinja2-3.1.5.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Sandro Mani - 3.1.5-1
- Update to 3.1.5
* Thu Jul 18 2024 Fedora Release Engineering - 3.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2336370 - CVE-2024-56201 mingw-python-jinja2: Jinja has a sandbox breakout through malicious filenames [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336370
  [ 2 ] Bug #2336376 - CVE-2024-56201 mingw-python-jinja2: Jinja has a sandbox breakout through malicious filenames [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2336376

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5f04326f4f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7b6e208ef2
2025-01-12 01:37:12.378777+00:00
--------------------------------------------------------------------------------

Name        : python-jinja2
Product     : Fedora 41
Version     : 3.1.5
Release     : 1.fc41
URL         : https://palletsprojects.com/projects/jinja/
Summary     : General purpose template engine
Description :
Jinja2 is a template engine written in pure Python. It provides a
Django inspired non-XML syntax but supports inline expressions and an
optional sandboxed environment.

If you have any exposure to other text-based template languages, such
as Smarty or Django, you should feel right at home with Jinja2. It's
both designer and developer friendly by sticking to Python's
principles and adding functionality useful for templating
environments.

--------------------------------------------------------------------------------
Update Information:

Update to 3.1.5
Security fix for CVE-2024-56201

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Miro Hrončok - 3.1.5-1
- Update to 3.1.5
- Security fix for CVE-2024-56201
- Fixes: rhzb#2333688
- Fixes: rhzb#2336377

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2333854 - CVE-2024-56201 jinja2: Jinja has a sandbox breakout through malicious filenames
        https://bugzilla.redhat.com/show_bug.cgi?id=2333854

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7b6e208ef2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Patch released for python-jinja2 on Fedora 41 targeting a sandbox escape vulnerability. Upgrade to version 3.1.5 is now accessible.

LinuxSecurity.com Team