Critical Bugfix for CVE-2026-25645 in Fedora Packages

Critical Bugfix for CVE-2026-25645 in Fedora Packages

First seen 24 May 2026, 07:33 UTC Linuxsecurity 92% similarity 57.9

Article Content

Browse articles
ThreatCluster

Fedora has released significant updates for the python-requests and python-pulp-glue packages to address CVE-2026-25645, which was published on 2026-03-25. This vulnerability allows the extraction of contents to a non-deterministic location, potentially enabling malicious file replacement. The updates include various bug fixes and improvements, particularly in handling malformed headers and authentication issues. Users of Fedora 43 are advised to upgrade their packages to mitigate risks associated with this vulnerability. The updates can be installed using the 'dnf' update program. The security advisory highlights the importance of addressing this issue promptly to maintain system integrity.

Key Points: • CVE-2026-25645 allows malicious file replacement via non-deterministic extraction. • Fedora 43 users are urged to update python-requests and python-pulp-glue packages. • The updates include fixes for malformed headers and authentication issues.

ThreatCluster AI

Timeline

2026-03-25
CVE-2026-25645 published
The vulnerability was disclosed, allowing for potential malicious file replacement in certain applications.
Linuxsecurity
2026-05-24
Fedora releases updates for python packages
Significant updates were released for python-requests and python-pulp-glue to fix CVE-2026-25645 and other issues.
Linuxsecurity

Community

Browse all →