MGASA-2022-0182 - Updated python-waitress packages fix security vulnerability

Publication date: 15 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0182.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-24761

When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate that the incoming HTTP request matches the RFC 7230 standard, Waitress and the front-end proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to Waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory:

- The use of Python's `int()` to parse strings into integers, leading to `+10` being parsed as `10`, or `0x01` being parsed as `1`, whereas the standard specifies that the string should contain only digits or hex digits; and
- Waitress does not support chunk extensions; however, it was discarding them without validating that they did not contain illegal characters.

This vulnerability has been patched in Waitress 2.1.1.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30248
- https://ubuntu.com/security/notices/USN-5364-1
- https://www.cve.org/CVERecord?id=CVE-2022-24761

SRPMS:
- 8/core/python-waitress-2.1.1-1.mga8

LinuxSecurity.com Team
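The two parsing defects the advisory describes can be seen side by side in a small validator. The following is an added example written for this page, not Waitress's own code: the `lenient_*` functions reproduce what a bare `int()` or `int(x, 16)` accepts, and the `strict_*` functions accept only the RFC 7230 grammar (`1*DIGIT` for Content-Length; `1*HEXDIG` plus well-formed `chunk-ext` for a chunk-size line). The regular expressions are written from the RFC's ABNF for this example, and all sample inputs are constructed.

```python
import re
from typing import Optional

# Grammar from RFC 7230 (3.3.2 Content-Length, 4.1 chunked transfer coding).
# These patterns are written for this example from the ABNF; they are not
# Waitress's own code.
_CONTENT_LENGTH_RE = re.compile(rb"[0-9]+")          # Content-Length = 1*DIGIT
_CHUNK_SIZE_RE = re.compile(rb"[0-9A-Fa-f]+")        # chunk-size = 1*HEXDIG
_TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"            # token (RFC 7230 3.2.6)
_QUOTED_STRING = (                                   # quoted-string: qdtext / quoted-pair
    rb'"(?:[\t \x21\x23-\x5B\x5D-\x7E\x80-\xFF]|\\[\t \x21-\x7E\x80-\xFF])*"'
)
# chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] ), no whitespace allowed
_CHUNK_EXT_RE = re.compile(
    rb"(?:;" + _TOKEN + rb"(?:=(?:" + _TOKEN + rb"|" + _QUOTED_STRING + rb"))?)*"
)


def lenient_content_length(value: bytes) -> Optional[int]:
    """What a bare int() accepts: a sign, surrounding whitespace, underscores."""
    try:
        return int(value)
    except ValueError:
        return None


def lenient_chunk_size(line: bytes) -> Optional[int]:
    """Bare int(..., 16) on the text before ';'; the extension is dropped unchecked.

    The caller is assumed to have stripped the trailing CRLF from the line.
    """
    try:
        return int(line.split(b";", 1)[0], 16)
    except ValueError:
        return None


def strict_content_length(value: bytes) -> Optional[int]:
    """Accept only 1*DIGIT; anything else is rejected (None), never coerced."""
    if not _CONTENT_LENGTH_RE.fullmatch(value):
        return None
    return int(value)


def strict_chunk_size(line: bytes) -> Optional[int]:
    """Accept 1*HEXDIG, optionally followed by well-formed chunk extensions.

    Extensions are still ignored, but only after they are checked against the
    grammar, so a line a front-end proxy would reject is rejected here too.
    """
    size, sep, ext = line.partition(b";")
    if not _CHUNK_SIZE_RE.fullmatch(size):
        return None
    if sep and not _CHUNK_EXT_RE.fullmatch(sep + ext):
        return None
    return int(size, 16)


if __name__ == "__main__":
    # Constructed header values; each shows a case where int() is more
    # permissive than the RFC grammar, or a well-formed case both accept.
    content_lengths = [b"10", b"+10", b" 10 ", b"1_0"]
    chunk_lines = [b"a", b"0x01", b"+a", b"A;name=value", b"a;bad ext"]
    for v in content_lengths:
        print(f"Content-Length {v!r:10} lenient={lenient_content_length(v)!s:5} "
              f"strict={strict_content_length(v)}")
    for ln in chunk_lines:
        print(f"chunk line     {ln!r:16} lenient={lenient_chunk_size(ln)!s:5} "
              f"strict={strict_chunk_size(ln)}")
```

The design point is that a server behind a proxy should fail closed on any length field the grammar does not permit: returning `None` (and answering 400 in a real server) keeps both ends' framing identical, whereas `int()`'s tolerance of `+`, whitespace, underscores and a `0x` prefix is exactly the divergence the advisory describes.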
====================================================================
Red Hat Security Advisory

Synopsis:      Important: Red Hat OpenStack Platform 16.1 (python-waitress) security update
Advisory ID:   RHSA-2022:1254-01
Product:       Red Hat OpenStack Platform
Advisory URL:  https://access.redhat.com/errata/RHSA-2022:1254
Issue date:    2022-04-06
CVE Names:     CVE-2022-24761
====================================================================

1. Summary:

An update for python-waitress is now available for Red Hat OpenStack Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Pure-python WSGI server

Security Fix(es):

* Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2022-24761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2065086 - CVE-2022-24761 waitress: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
python-waitress-2.0.0-1.el8ost.src.rpm

noarch:
python3-waitress-2.0.0-1.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24761
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:      Important: Red Hat OpenStack Platform 16.2 (python-waitress) security update
Advisory ID:   RHSA-2022:1253-01
Product:       Red Hat OpenStack Platform
Advisory URL:  https://access.redhat.com/errata/RHSA-2022:1253
Issue date:    2022-04-06
CVE Names:     CVE-2022-24761
====================================================================

1. Summary:

An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Pure-python WSGI server

Security Fix(es):

* Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2022-24761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2065086 - CVE-2022-24761 waitress: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:
python-waitress-2.0.0-1.el8ost.src.rpm

noarch:
python3-waitress-2.0.0-1.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24761
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.