1616 matches found
RLSA-2024:8842 Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.5+13 (October 2024 CPU). Security fixes: JDK-8307383: Enhance DTLS connections; JDK-8311208: Improve CDS Support; JDK-8328286, CVE-2024-21208, bsc1231702: Enhance HTTP client; JDK-8328544, CVE-2024-21210,...
CVE-2024-51987
The CVE-2024-51987 issue affects Duende.AccessTokenManagement.OpenIdConnect, where HTTP clients created via AddUserAccessTokenHttpClient could emit a refreshed token associated with another user due to token capture in pooled HttpClient instances. Technical details across sources confirm the vuln...
CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...
HTTP Client uses incorrect token after refresh
Impact: HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh. This occurs because a refreshed token will be captured in pooled HttpClient instances, which may be used by a different user. Workarounds: Instead of using...
Privilege Context Switching Error
Overview: Duende.AccessTokenManagement.OpenIdConnect is a .NET library that manages OpenId Connect access tokens in ASP.NET Core applications. Affected versions of this package are vulnerable to Privilege Context Switching Error due to the improper handling of token refresh in pooled HttpClient...
UBUNTU-CVE-2024-50342
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...
CVE-2024-50342
CVE-2024-50342 concerns Symfony’s http-client NoPrivateNetworkHttpClient leaking host resolution information, enabling possible IP/port enumeration. Affected versions before the fix include 5.4.46, 6.4.14, and 7.1.7. The underlying issue was mitigated by updating NoPrivateNetworkHttpClient to fil...
CVE-2024-50342 Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...
CVE-2024-50342
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...
Moderate: Red Hat Security Advisory: python3.12-urllib3 security update
An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ALSA-2024:8842 Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
apache: cxf: org.apache.cxf:cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients
A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory...
RHEL 6 / 7 : python27 (RHSA-2017:1162)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1162 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-2779)
The remote host is missing an update for the Huawei EulerOS...
RestClient Support for OAuth2 in Spring Security 6.4
In Spring Security 6.2 and 6.3, we have worked to steadily improve configuration for applications using OAuth2 Client. Configuration for common use cases has been simplified by allowing applications to publish beans which are automatically included in the overall OAuth2 Client configuration durin...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-2761)
The remote host is missing an update for the Huawei EulerOS...