Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -1 articles for you...
172

Ubuntu 25.04: USN-7568-1 critical: requests information leak

Several security issues were fixed in Requests.. ========================================================================== Ubuntu Security Notice USN-7568-1 June 16, 2025 requests vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Requests. Software Description: - requests: elegant and simple HTTP library for Python Details: Dennis Brinkrolf and Tobias Funke discovered that Requests did not correctly handle certain HTTP headers. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-32681) Juho Forsén discovered that Requests did not correctly parse URLs. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2024-47081) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 python3-requests 2.32.3+dfsg-4ubuntu1.1 Ubuntu 24.10 python3-requests 2.32.3+dfsg-1ubuntu1.1 Ubuntu 24.04 LTS python3-requests 2.31.0+dfsg-1ubuntu1.1 Ubuntu 22.04 LTS python3-requests 2.25.1+dfsg-2ubuntu0.3 Ubuntu 20.04 LTS python3-requests 2.22.0-2ubuntu1.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-requests 2.18.4-2ubuntu0.1+esm2 Available with Ubuntu Pro python3-requests 2.18.4-2ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS python-requests 2.9.1-3ubuntu0.1+esm2 Available with Ubuntu Pro python3-requests 2.9.1-3ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS python-requests 2.2.1-1ubuntu0.4+esm1 Available with Ubuntu Pro python-requests-whl 2.2.1-1ubuntu0.4+esm1 Available with Ubuntu Pro python3-requests 2.2.1-1ubuntu0.4+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7568-1 CVE-2023-32681, CVE-2024-47081 Package Information: https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-4ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.32.3+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.31.0+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.3 . Multiple vulnerabilities addressed in Requests for Ubuntu, highlighting impacted versions along with the respective patches.. Ubuntu security, Requests library update, Python requests vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jun 16, 2025 Ubuntu
89

Fedora 40 FEDORA-2024-efc4802051 Critical: Request Cert Issue

Update to requests-2.32.0, fixes CVE-2024-35195.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-efc4802051 2024-05-30 01:20:52.014066 -------------------------------------------------------------------------------- Name : mingw-python-requests Product : Fedora 40 Version : 2.32.0 Release : 1.fc40 URL : https://requests.readthedocs.io/en/latest/ Summary : MinGW Windows Python requests library Description : MinGW Windows Python requests. -------------------------------------------------------------------------------- Update Information: Update to requests-2.32.0, fixes CVE-2024-35195. -------------------------------------------------------------------------------- ChangeLog: * Tue May 21 2024 Sandro Mani - 2.32.0-1 - Update to 2.32.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2282133 - CVE-2024-35195 mingw-python-requests: subsequent requests to the same host ignore cert verification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2282133 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-efc4802051' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . The mingw-python-requests package has been updated to address the security vulnerability identified as CVE-2024-35195 on Fedora 40.. mingw python requests update, fedora security advisory, cert issue fix. . LinuxSecurity.com Team

Calendar%202 May 30, 2024 Fedora
197

Debian 10: DLA-3456-1 Critical: requests Proxy-Authorization Leak

Requests, a Python HTTP library, has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3456-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany June 18, 2023 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : requests Version : 2.21.0-1+deb10u1 CVE ID : CVE-2023-32681 Debian Bug : 1036693 Requests, a Python HTTP library, has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. For Debian 10 buster, this problem has been fixed in version 2.21.0-1+deb10u1. We recommend that you upgrade your requests packages. For the detailed security status of requests please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/requests Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The DLA-3456-1 advisory for Debian Long Term Support tackles a vulnerability related to the Proxy-Authorizationheader exposure in Python Requests, risking confidential data. Debian Security, Python Requests, Proxy Leakage. . LinuxSecurity.com Team

Calendar%202 Jun 18, 2023 Debian LTS
172

Ubuntu 18.04 LTS, 16.04 LTS USN-6155-2 Moderate: Requests Info Leak

Requests could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-6155-2 June 15, 2023 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Requests could be made to expose sensitive information over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Original advisory details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): python-requests 2.18.4-2ubuntu0.1+esm1 python3-requests 2.18.4-2ubuntu0.1+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): python-requests 2.9.1-3ubuntu0.1+esm1 python3-requests 2.9.1-3ubuntu0.1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6155-2 https://ubuntu.com/security/notices/USN-6155-1 CVE-2023-32681 . Ubuntu USN-6156-3 tackles vulnerability exposing critical data. Users encouraged to update systems at risk.. Ubuntu Requests Update, Information Exposure, Security Notice, Network Issue. . LinuxSecurity.com Team

Calendar%202 Jun 15, 2023 Ubuntu
172

Ubuntu 23.04 LTS USN-6155-1 Critical: Requests Info Exposure

Requests could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-6155-1 June 12, 2023 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Requests could be made to expose sensitive information over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-requests 2.28.1+dfsg-1ubuntu1.1 Ubuntu 22.10: python3-requests 2.27.1+dfsg-1ubuntu2.1 Ubuntu 22.04 LTS: python3-requests 2.25.1+dfsg-2ubuntu0.1 Ubuntu 20.04 LTS: python3-requests 2.22.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6155-1 CVE-2023-32681 Package Information: https://launchpad.net/ubuntu/+source/requests/2.28.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.27.1+dfsg-1ubuntu2.1 https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.22.0-2ubuntu1.1 . Strengthen your Ubuntu setup against the Requests vulnerability, a serious threat to sensitive network data, by following these steps to secure and update your system. Ubuntu Security, Python Requests, Network Security, Information Disclosure, Threat Mitigation. . LinuxSecurity.com Team

Calendar%202 Jun 12, 2023 Ubuntu
172

Ubuntu 18.10 USN-3790-2 Critical: Requests Sensitive Exposure

Requests could be made to expose sensitive information if it received a specially crafted HTTP header.. =========================================================================Ubuntu Security Notice USN-3790-2 October 22, 2018 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 Summary: Requests could be made to expose sensitive information if it received a specially crafted HTTP header. Software Description: - requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: python-requests 2.18.4-2ubuntu0.18.10.1 python3-requests 2.18.4-2ubuntu0.18.10.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3790-1 CVE-2018-18074 Package Information: https://launchpad.net/ubuntu/+source/requests/2.18.4-2ubuntu0.18.10.1 . =========================================================================Ubuntu Security Notice USN-. requests, expose, sensitive, information, received, specially, crafted, heade. . LinuxSecurity.com Team

Calendar%202 Oct 22, 2018 Ubuntu
172

Ubuntu 18.04 LTS USN-3790-1 High: Requests Info Exposure

Requests could be made to expose sensitive information if it received a specially crafted HTTP header.. =========================================================================Ubuntu Security Notice USN-3790-1 October 15, 2018 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Requests could be made to expose sensitive information if it received a specially crafted HTTP header. Software Description: - requests: elegant and simple HTTP library for Python Details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: python-requests 2.18.4-2ubuntu0.1 python3-requests 2.18.4-2ubuntu0.1 Ubuntu 16.04 LTS: python-requests 2.9.1-3ubuntu0.1 python3-requests 2.9.1-3ubuntu0.1 Ubuntu 14.04 LTS: python-requests 2.2.1-1ubuntu0.4 python-requests-whl 2.2.1-1ubuntu0.4 python3-requests 2.2.1-1ubuntu0.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3790-1 CVE-2018-18074 Package Information: https://launchpad.net/ubuntu/+source/requests/2.18.4-2ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.9.1-3ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.4 . Ubuntu Security Update USN-3791-1 addresses a critical vulnerability in handling requests that could lead to unintended data exposure through speciallydesigned HTTP headers.. Requests Vulnerability, Ubuntu Security Advisory, Information Exposure, HTTP Header Exploit. . LinuxSecurity.com Team

Calendar%202 Oct 15, 2018 Ubuntu
172

Ubuntu 14.04 LTS & 14.10: USN-2531-1 Critical: Requests Cookie Exposure

Requests could be made to expose cookies over the network.. =========================================================================Ubuntu Security Notice USN-2531-1 March 16, 2015 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS Summary: Requests could be made to expose cookies over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: Matthew Daley discovered that Requests incorrectly handled cookies without host values when being redirected. A remote attacker could possibly use this issue to perform session fixation or cookie stealing attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: python-requests 2.3.0-1ubuntu0.1 python3-requests 2.3.0-1ubuntu0.1 Ubuntu 14.04 LTS: python-requests 2.2.1-1ubuntu0.2 python3-requests 2.2.1-1ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2531-1 CVE-2015-2296 Package Information: https://launchpad.net/ubuntu/+source/requests/2.3.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.2 . Network communications in Ubuntu might inadvertently reveal cookies, posing a risk of exploitation. Urgent patch advised.. Ubuntu Requests Vulnerability, Cookie Exposure, Session Fixation, Python HTTP Library, Security Advisory. . LinuxSecurity.com Team

Calendar%202 Mar 16, 2015 Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200