|
|
Subscribe / Log in / New account

Ubuntu alert USN-7503-1 (python-h11)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7503-1] h11 vulnerability


Date:
              Thu, 08 May 2025 15:07:13 +0000


Message-ID:
              <E1uD2q9-00023y-32@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7503-1
May 08, 2025

python-h11 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

python-h11 could be made to expose sensitive information over the
network.

Software Description:
- python-h11: Pure-Python, bring-your-own-I/O implementation of HTTP/1.1

Details:

Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP
requests. A remote attacker could possibly use this issue to smuggle
malicious HTTP requests, which could potentially lead to security
control bypass and information leakage.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  python3-h11                     0.14.0-1ubuntu0.24.10.1

Ubuntu 24.04 LTS
  python3-h11                     0.14.0-1ubuntu0.24.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7503-1
  CVE-2025-43859

Package Information:
  https://launchpad.net/ubuntu/+source/python-h11/0.14.0-1u...
  https://launchpad.net/ubuntu/+source/python-h11/0.14.0-1u...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmgcvLYACgkQcpJm3tlz
hgE5+RAAnKEMFxCisusZW3djJsPVKThHr+HVYpVNZi+ZfoyMP+A55aAnYE/qewHx
YU3qhJ8nZsh6AVI2h6jecfsjF+n9OGe6OMKncVNsiwgTVOqb5cjZqr6BOoBUv/hy
bDadPYkjgbDtY6IbTHK1PPsbM8VsZEiKRLJfQ5hHlS6/3+SAzPGDWyY65BLObcu/
tV7Jo5sRSTzx5giLd7JcVoY/YxpBwfnC87UPdAOAjTWHk2Uvh6DivxvK1BU347A7
wKhpTa3Itks+5OpID3qLrUPgK9M2M8shiL0D2wARevGLy39VQUNmh47TkLFCcQkK
k0r9PCfyxVttxwI9sBitox8yP6gc8yLZS99LIiH9W18++UawrpktGt5DLRlC+F9z
YJY34S1XErijlMc84Ll/NZoCHjTEeiRoTYySP2kDf6Fz+ZPoVaoYHARiRexmKeqn
BYXWIVQYN7fpzpgHtSiDPFN4GivlofW4dDQVOOgR7BmMukhRA8i7NurX/66Uc5eb
17+4lGc53jODJiGS0mkavNvROtRMigJms7Nqdoo1d7j9ZI02JGtFWQrCw3xEMVqj
oQVi8hmS5dmG3ZZVI3cCnoAPAUfE6w2ur6uA9TS1MzmJ/V0iPPxqfTasGXFA55xN
YSqRGXvxuqp5ZiSy8I8l7IPq5Zgt7FYScC9E/cXnYbB4eJ0VvYA=
=lEBV
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds