Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in Requests.. ========================================================================== Ubuntu Security Notice USN-7568-1 June 16, 2025 requests vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Requests. Software Description: - requests: elegant and simple HTTP library for Python Details: Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-32681) Juho Forsén discovered that Requests did not correctly parse URLs. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2024-47081) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 python3-requests 2.32.3+dfsg-4ubuntu1.1 Ubuntu 24.10 python3-requests 2.32.3+dfsg-1ubuntu1.1 Ubuntu 24.04 LTS python3-requests 2.31.0+dfsg-1ubuntu1.1 Ubuntu 22.04 LTS python3-requests 2.25.1+dfsg-2ubuntu0.3 Ubuntu 20.04 LTS python3-requests 2.22.0-2ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-requests 2.18.4-2ubuntu0.1+esm2 Available with Ubuntu Pro python3-requests 2.18.4-2ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS python-requests 2.9.1-3ubuntu0.1+esm2 Available with Ubuntu Pro python3-requests 2.9.1-3ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS python-requests 2.2.1-1ubuntu0.4+esm1 Available with Ubuntu Pro python-requests-whl 2.2.1-1ubuntu0.4+esm1 Available with Ubuntu Pro python3-requests 2.2.1-1ubuntu0.4+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7568-1 CVE-2023-32681, CVE-2024-47081 Package Information: https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-4ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.31.0+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.3 . Multiple vulnerabilities addressed in Requests for Ubuntu, highlighting impacted versions along with the respective patches.. Ubuntu security, Requests library update, Python requests vulnerabilities. . LinuxSecurity.com Team
Update to requests-2.32.0, fixes CVE-2024-35195.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-efc4802051 2024-05-30 01:20:52.014066 -------------------------------------------------------------------------------- Name : mingw-python-requests Product : Fedora 40 Version : 2.32.0 Release : 1.fc40 URL : https://requests.readthedocs.io/en/latest/ Summary : MinGW Windows Python requests library Description : MinGW Windows Python requests. -------------------------------------------------------------------------------- Update Information: Update to requests-2.32.0, fixes CVE-2024-35195. -------------------------------------------------------------------------------- ChangeLog: * Tue May 21 2024 Sandro Mani - 2.32.0-1 - Update to 2.32.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2282133 - CVE-2024-35195 mingw-python-requests: subsequent requests to the same host ignore cert verification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2282133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-efc4802051' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Requests, a Python HTTP library, has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3456-1
Requests could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-6155-2 June 15, 2023 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Requests could be made to expose sensitive information over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Original advisory details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): python-requests 2.18.4-2ubuntu0.1+esm1 python3-requests 2.18.4-2ubuntu0.1+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): python-requests 2.9.1-3ubuntu0.1+esm1 python3-requests 2.9.1-3ubuntu0.1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6155-2 https://ubuntu.com/security/notices/USN-6155-1 CVE-2023-32681 . Ubuntu USN-6156-3 tackles vulnerability exposing critical data. Users encouraged to update systems at risk.. Ubuntu Requests Update, Information Exposure, Security Notice, Network Issue. . LinuxSecurity.com Team
Requests could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-6155-1 June 12, 2023 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Requests could be made to expose sensitive information over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-requests 2.28.1+dfsg-1ubuntu1.1 Ubuntu 22.10: python3-requests 2.27.1+dfsg-1ubuntu2.1 Ubuntu 22.04 LTS: python3-requests 2.25.1+dfsg-2ubuntu0.1 Ubuntu 20.04 LTS: python3-requests 2.22.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6155-1 CVE-2023-32681 Package Information: https://launchpad.net/ubuntu/+source/requests/2.28.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.27.1+dfsg-1ubuntu2.1 https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.22.0-2ubuntu1.1 . Strengthen your Ubuntu setup against the Requests vulnerability, a serious threat to sensitive network data, by following these steps to secure and update your system. Ubuntu Security, Python Requests, Network Security, Information Disclosure, Threat Mitigation. . LinuxSecurity.com Team
Requests could be made to expose sensitive information if it received a specially crafted HTTP header.. =========================================================================Ubuntu Security Notice USN-3790-2 October 22, 2018 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 Summary: Requests could be made to expose sensitive information if it received a specially crafted HTTP header. Software Description: - requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: python-requests 2.18.4-2ubuntu0.18.10.1 python3-requests 2.18.4-2ubuntu0.18.10.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3790-1 CVE-2018-18074 Package Information: https://launchpad.net/ubuntu/+source/requests/2.18.4-2ubuntu0.18.10.1 . =========================================================================Ubuntu Security Notice USN-. requests, expose, sensitive, information, received, specially, crafted, heade. . LinuxSecurity.com Team
Requests could be made to expose sensitive information if it received a specially crafted HTTP header.. =========================================================================Ubuntu Security Notice USN-3790-1 October 15, 2018 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Requests could be made to expose sensitive information if it received a specially crafted HTTP header. Software Description: - requests: elegant and simple HTTP library for Python Details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: python-requests 2.18.4-2ubuntu0.1 python3-requests 2.18.4-2ubuntu0.1 Ubuntu 16.04 LTS: python-requests 2.9.1-3ubuntu0.1 python3-requests 2.9.1-3ubuntu0.1 Ubuntu 14.04 LTS: python-requests 2.2.1-1ubuntu0.4 python-requests-whl 2.2.1-1ubuntu0.4 python3-requests 2.2.1-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3790-1 CVE-2018-18074 Package Information: https://launchpad.net/ubuntu/+source/requests/2.18.4-2ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.9.1-3ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.4 . Ubuntu Security Update USN-3791-1 addresses a critical vulnerability in handling requests that could lead to unintended data exposure through speciallydesigned HTTP headers.. Requests Vulnerability, Ubuntu Security Advisory, Information Exposure, HTTP Header Exploit. . LinuxSecurity.com Team
Requests could be made to expose cookies over the network.. =========================================================================Ubuntu Security Notice USN-2531-1 March 16, 2015 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: Requests could be made to expose cookies over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: Matthew Daley discovered that Requests incorrectly handled cookies without host values when being redirected. A remote attacker could possibly use this issue to perform session fixation or cookie stealing attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: python-requests 2.3.0-1ubuntu0.1 python3-requests 2.3.0-1ubuntu0.1 Ubuntu 14.04 LTS: python-requests 2.2.1-1ubuntu0.2 python3-requests 2.2.1-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2531-1 CVE-2015-2296 Package Information: https://launchpad.net/ubuntu/+source/requests/2.3.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.2 . Network communications in Ubuntu might inadvertently reveal cookies, posing a risk of exploitation. Urgent patch advised.. Ubuntu Requests Vulnerability, Cookie Exposure, Session Fixation, Python HTTP Library, Security Advisory. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.