11 matches found
RHSA-2026:32992 Red Hat Security Advisory: python3.12-urllib3 security update
Bulletin has no description...
SUSE-SU-2026:20665-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: preserving parens when folding comments in email headers. bsc1257029 - CVE-2026-0672: rejects control characters in http cookies. bsc1257031 - CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which coul...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
ALSA-2026:1239 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: urllib3: urllib3: Unbounded decompression chain leads to resource...
OESA-2026-1235 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...
CLSA-2024-1722527236 Fix CVE(s): CVE-2021-3733
SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733...
SUSE CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...
Debian DLA-1852-1 : python3.4 security update
The urllib library in Python ships support for a second, not well known URL scheme for accessing local files 'localfile://'. This scheme can be used to circumvent protections that try to block local file access and only block the well-known 'file://' schema. This update addresses the vulnerabilit...
Python Project urllib CRLF Injection (CVE-2019-9740)
A CRLF injection vulnerability exists in Python Project urllib library. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
UBUNTU-CVE-2014-9365
The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2011:0491 Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...