Several security issues were fixed in urllib3.

==========================================================================
Ubuntu Security Notice USN-8379-1
June 03, 2026

python-urllib3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in urllib3.

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

It was discovered that urllib3 incorrectly handled cross-origin redirects
in ProxyManager. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-44431)

It was discovered that urllib3 incorrectly handled decompression of
specially crafted responses. A remote attacker could possibly use this
issue to cause urllib3 to consume resources, leading to a denial of
service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-urllib3                 2.6.3-1ubuntu1.1

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.6

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.7

Ubuntu 22.04 LTS
  python3-urllib3                 1.26.5-1~exp1ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8379-1
  CVE-2026-44431, CVE-2026-44432

Package Information:
  https://launchpad.net/ubuntu/+source/python-urllib3/2.6.3-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.6
  https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.7
  https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.7

Multiple security issues in Ubuntu's urllib3 require immediate updates to prevent data exposure and denial of service.

Severity: Critical
LinuxSecurity.com Team

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2026-1224

http://linux.oracle.com/errata/ELSA-2026-1224.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
python3.11-urllib3-1.26.12-6.el8_10.noarch.rpm

aarch64:
python3.11-urllib3-1.26.12-6.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/python3.11-urllib3-1.26.12-6.el8_10.src.rpm

Related CVEs:

CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

Description of changes:

[1.26.12-6]
- Security fix for CVE-2025-66471
- Security fix for CVE-2025-66418
- Security fix for CVE-2026-21441
Resolves: RHEL-140555, RHEL-139408

_______________________________________________
El-errata mailing list

An update that solves one vulnerability can now be installed.

# python311-urllib3-2.6.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10049-1
Rating: moderate

Cross-References:

  * CVE-2026-21441

CVSS scores:

  * CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

  * openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-urllib3-2.6.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * python311-urllib3 2.6.3-1.1
    * python312-urllib3 2.6.3-1.1
    * python313-urllib3 2.6.3-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-21441.html

An update for openSUSE addresses Python urllib3 security issues with a moderate rating. Enhance your system stability now.

LinuxSecurity.com Team

USN-7927-1 introduced a regression in urllib3.

==========================================================================
Ubuntu Security Notice USN-7927-2
January 12, 2026

python-urllib3 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

USN-7927-1 introduced a regression in urllib3

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471
introduced a regression in the zstd decompression component inside urllib3.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Illia Volochii discovered that urllib3 did not limit the steps in a
 decompression chain. An attacker could possibly use this issue to cause
 urllib3 to use excessive resources, causing a denial of service.
 (CVE-2025-66418)

 Rui Xi discovered that urllib3 incorrectly handled highly compressed data.
 An attacker could possibly use this issue to cause urllib3 to use
 excessive resources, causing a denial of service. This issue only affected
 Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

 For the brotli encoding, the fix for CVE-2025-66471 requires an additional
 security update in the brotli package.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.3

Ubuntu 25.04
  python3-urllib3                 2.3.0-2ubuntu0.4

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7927-2
  https://ubuntu.com/security/notices/USN-7927-1
  CVE-2025-66471, https://launchpad.net/bugs/2136906

Package Information:
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.3
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.4
  https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.5

Ubuntu has released a security advisory fixing urllib3 regression issues causing denial of service, impacting multiple releases.

Severity: Critical
LinuxSecurity.com Team

urllib3 could be made to use excessive resources if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-7955-1
January 12, 2026

python-urllib3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

urllib3 could be made to use excessive resources if it received specially
crafted network traffic.

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

It was discovered that urllib3 incorrectly handled decompression during
HTTP redirects. An attacker could possibly use this issue to cause urllib3
to use excessive resources, causing a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.2

Ubuntu 25.04
  python3-urllib3                 2.3.0-2ubuntu0.3

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.4

Ubuntu 22.04 LTS
  python3-urllib3                 1.26.5-1~exp1ubuntu0.5

Ubuntu 20.04 LTS
  python3-urllib3                 1.25.8-2ubuntu0.4+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7955-1
  CVE-2026-21441

Package Information:
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.2
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.3
  https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.5

Update your Ubuntu system to fix the urllib3 resource exhaustion issue causing potential DoS attacks.

Severity: Important
LinuxSecurity.com Team

Several security issues were fixed in urllib3.

==========================================================================
Ubuntu Security Notice USN-7927-1
December 11, 2025

python-urllib3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in urllib3.

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

Illia Volochii discovered that urllib3 did not limit the steps in a
decompression chain. An attacker could possibly use this issue to cause
urllib3 to use excessive resources, causing a denial of service.
(CVE-2025-66418)

Rui Xi discovered that urllib3 incorrectly handled highly compressed data.
An attacker could possibly use this issue to cause urllib3 to use
excessive resources, causing a denial of service. This issue only affected
Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

For the brotli encoding, the fix for CVE-2025-66471 requires an additional
security update in the brotli package.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-urllib3                 2.3.0-3ubuntu0.1

Ubuntu 25.04
  python3-urllib3                 2.3.0-2ubuntu0.2

Ubuntu 24.04 LTS
  python3-urllib3                 2.0.7-1ubuntu0.3

Ubuntu 22.04 LTS
  python3-urllib3                 1.26.5-1~exp1ubuntu0.4

Ubuntu 20.04 LTS
  python3-urllib3                 1.25.8-2ubuntu0.4+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7927-1
  CVE-2025-66418, CVE-2025-66471

Package Information:
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.4

Several security issues in urllib3 for Ubuntu distributions fixed. Update necessary for continuous protection against risks.

Severity: Important
LinuxSecurity.com Team

Security fix for the bundled urllib3 for CVE-2025-50181

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6d50efcd0c
2025-09-18 00:55:58.913997+00:00
--------------------------------------------------------------------------------

Name        : python-pip
Product     : Fedora 42
Version     : 24.3.1
Release     : 5.fc42
URL         : https://pip.pypa.io/en/stable/
Summary     : A tool for installing and managing Python packages
Description :
pip is a package management system used to install and manage software packages
written in Python. Many packages can be found in the Python Package Index
(PyPI). pip is a recursive acronym that can stand for either "Pip Installs
Packages" or "Pip Installs Python".

--------------------------------------------------------------------------------
Update Information:

Security fix for the bundled urllib3 for CVE-2025-50181
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Miro Hrončok - 24.3.1-5
- Security fix for the bundled urllib3 for CVE-2025-50181
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2373818 - CVE-2025-50181 python-pip: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2373818
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6d50efcd0c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 42 users must secure their systems against CVE-2025-50181 by updating urllib3. Use dnf with the command to install the necessary security fix.

Severity: Important
LinuxSecurity.com Team

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2024-11238

http://linux.oracle.com/errata/ELSA-2024-11238.html

The following updated rpms for Oracle Linux 9 have been uploaded to the
Unbreakable Linux Network:

x86_64:
python3.11-urllib3-1.26.12-2.el9_5.2.noarch.rpm

aarch64:
python3.11-urllib3-1.26.12-2.el9_5.2.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//python3.11-urllib3-1.26.12-2.el9_5.2.src.rpm

Related CVEs:

CVE-2023-45803

Description of changes:

[1.26.12-2.2]
- Security fix for CVE-2023-45803
Resolves: RHEL-66551