Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryfedoranetworkingFedora 44 rust-astral-reqwest-retry 2026-b8b59dcf44 Networking Stack Update
Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8b59dcf44 2026-03-28 00:15:26.019955+00:00 -------------------------------------------------------------------------------- Name : rust-astral-reqwest-retry Product : Fedora 44 Version : 0.9.1 Release : 1.fc44 URL : https://crates.io/crates/astral-reqwest-retry Summary : Retry middleware for reqwest Description : Retry middleware for reqwest. -------------------------------------------------------------------------------- Update Information: Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included some breaking changes to TLS certificate verification. This update also includes updates for several of uv\u2019s Rust library dependencies. Update rust-openssl-probe to 0.2.1, including breaking changes introduced in 0.2.0, and introduce a new rust-openssl-probe0.1 compat package. Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2. Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option, added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added support for ALPN on the server side. Version 0.2.18 fixed min/max protocol selection fallback forvery old OpenSSL versions. Add an initial package for rust-webpki-root-certs. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Benjamin A. Beasley - 0.9.1-1 - Update to version 0.9.1; Fixes RHBZ#2437942 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425802 [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425819 [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432768 [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432769 [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432770 [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432771 [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432772 [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432773 [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432774 [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432775 [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432776 [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432777 [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432779 [ 14 ] Bug #2436289 -rust-ambient-id-0.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2436289 [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437941 [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437942 [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437976 [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439752 [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450541 [ 20 ] Bug #2450582 - uv-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450582 [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format https://bugzilla.redhat.com/show_bug.cgi?id=2451103 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 44 update for rust-astral-reqwest-retry includes critical changes to networking stack potentially affecting TLS certificate trust.. Fedora 44 Rust Update, reqwest Middleware, Security Changes, TLS Trust Issues. . Severity: Important. LinuxSecurity.com Team
Mar 28, 2026
•Important
Fedora
89
security advisoryfedoracriticalCritical SSL Vulnerability Found in Debian 11 python-astral-requests
Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b8b59dcf44 2026-03-28 00:15:26.019955+00:00 -------------------------------------------------------------------------------- Name : rust-astral-reqwest-middleware Product : Fedora 44 Version : 0.5.1 Release : 1.fc44 URL : https://crates.io/crates/astral-reqwest-middleware Summary : Wrapper around reqwest to allow for client middleware chains Description : Wrapper around reqwest to allow for client middleware chains. -------------------------------------------------------------------------------- Update Information: Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be rare, it is possible that these changes will result in the rejection of certificates previously trusted by uv so, they have marked the change as breaking out of an abundance of caution. The changes are largely driven by the upgrade of reqwest, which powers uv's HTTP clients, to v0.13, which included some breaking changes to TLS certificate verification. This update also includes updates for several of uv\u2019s Rust library dependencies. Update rust-openssl-probe to 0.2.1, including breaking changes introduced in 0.2.0, and introduce a new rust-openssl-probe0.1 compat package. Update rust-rustls-native-certs to 0.8.3, now using openssl-probe 0.2. Update rust-native-tls to 0.2.18. Version 0.2.16 added TLS 1.3 as an option, added stack_from_pem, and upgraded openssl-probe to 0.2. Version 0.2.17 added support for ALPN on theserver side. Version 0.2.18 fixed min/max protocol selection fallback for very old OpenSSL versions. Add an initial package for rust-webpki-root-certs. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 10 2026 Benjamin A. Beasley - 0.5.1-1 - Update to version 0.5.1; Fixes RHBZ#2437941 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425802 - rust-openssl-probe-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425802 [ 2 ] Bug #2425819 - rust-rustls-native-certs-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2425819 [ 3 ] Bug #2432768 - rust-reqsign-aliyun-oss-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432768 [ 4 ] Bug #2432769 - rust-reqsign-core-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432769 [ 5 ] Bug #2432770 - rust-reqsign-0.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432770 [ 6 ] Bug #2432771 - rust-reqsign-azure-storage-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432771 [ 7 ] Bug #2432772 - rust-reqsign-http-send-reqwest-4.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432772 [ 8 ] Bug #2432773 - rust-reqsign-google-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432773 [ 9 ] Bug #2432774 - rust-reqsign-file-read-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432774 [ 10 ] Bug #2432775 - rust-reqsign-command-execute-tokio-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432775 [ 11 ] Bug #2432776 - rust-reqsign-aws-v4-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432776 [ 12 ] Bug #2432777 - rust-reqsign-huaweicloud-obs-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432777 [ 13 ] Bug #2432779 - rust-reqsign-tencent-cos-3.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2432779 [ 14 ] Bug #2436289 - rust-ambient-id-0.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2436289 [ 15 ] Bug #2437941 - rust-astral-reqwest-middleware-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437941 [ 16 ] Bug #2437942 - rust-astral-reqwest-retry-0.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437942 [ 17 ] Bug #2437976 - rust-astral_async_http_range_reader-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2437976 [ 18 ] Bug #2439752 - rust-native-tls-0.2.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=2439752 [ 19 ] Bug #2450541 - python-uv-build-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450541 [ 20 ] Bug #2450582 - uv-0.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2450582 [ 21 ] Bug #2451103 - Review Request: rust-webpki-root-certs - Mozilla trusted certificate authorities in self-signed X.509 format https://bugzilla.redhat.com/show_bug.cgi?id=2451103 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b8b59dcf44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update rust-astral-reqwest-middleware for Fedora 44 addresses critical TLS issues and networking updates to improve stability.. rust-astral-reqwest-middleware, Fedora 44, TLS updates. . Severity: Critical. LinuxSecurity.com Team
Mar 28, 2026
•Critical
Fedora
98
security advisorymiddlewarecontainer imageRHEL-8: RHSA-2022:8964-01 Important Security Update for rh-sso-7/sso76
Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images Advisory ID: RHSA-2022:8964-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:8964 Issue date: 2022-12-13 CVE Names: CVE-2016-3709 CVE-2022-1304 CVE-2022-3782 CVE-2022-3916 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 CVE-2022-37434 CVE-2022-42898 ==================================================================== 1. Summary: Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Security Fix(es): * keycloak: path traversal via double URL encoding (CVE-2022-3782) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) For more details about the securityissue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Container Catalog (see References). 3. Solution: The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References). Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. 4. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 5. JIRA issues fixed (https://issues.redhat.com/): CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8 CIAM-4413 - Generate new operator bundle image for this patch 6.References: https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-42898 https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8 https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY5ipn9zjgjWX9erEAQjCiRAAi5ZA/JuXoVbFoEvce4VnkiwYj3R9YGSF xcRYfIxIULSq4rRxjOKZroVyzZUp4HCYHxiNVjSOfreCVCUOrdSEipedwuJIIqvx SbYkdr9H0nww4Sne6rCOJZxVtgGMwMFBCVvQqeqRQAJH6qLpkuHnIda1wt/9HKbV 6kgg4BeqmYVReLO4f0QEXaBl6xuUWTAh8hr4B2fiKJ19r5On05Ob+rXUnpfzqu2p tA204sSB4y5sL6cNxGHXzxDcazRdYyLJj6KkN+3ydLANjFruU5pq9nxZoqKRlT7p CDYGoEguuheLNyDkIXjVngHs7mtKCS6da2jqcJC3fh3N/+hhepeGXk642jyF8u1o RMr6M8HPNsVL4Vdg9d3CZtzfBkDFXSHKD5O6Mi6SkCTKWrY/K6UG1JQtcIpDOTzd PWKE1WkqvpyA3Ie8DRUI0ztEDdRhazPCd+03HYKEVWoD/a+Q5NqgCaBViSuLLxpU 9FIq9OPwaxE4wzEjfuyOBNY183f6eTbAA7RE4ynfitiQiXMUKAhO3jLkFUgsogkp y/N2xyYR/SjIKyRH8zkQXc6+FD5gDX+8exWYnqD+dd8ucmK/D49nwoprXca7X4fH 1cBIpjuFF1pXQTwnygAh7Nyd40bIjEOB81YjoiroOhoLzfsBfBywLfon14bElgu/ c6KgATBEAcE=oocq -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 13, 2022
•Important
Red Hat
87
security advisorysecurity updateDebianDebian DSA-3583-1: Swift-Plugin-S3 Security Update for Replay Attack
It was discovered that the swift3 (S3 compatibility) middleware plugin for Swift performed insufficient validation of date headers which might result in replay attacks. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3583-1
May 18, 2016
•Important
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!