-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : uwsgi Version : 1.2.3+dfsg-5+deb7u2 CVE ID : CVE-2018-6758 Debian Bug : 889753
It was discovered that the uwsgi_expand_path function in utils.c in Unbit uWSGI, an application container server, has a stack-based buffer overflow via a large directory length that can cause a denial-of-service (application crash) or stack corruption. For Debian 7 "Wheezy", these problems have been fixed in version 1.2.3+dfsg-5+deb7u2. We recommend that you upgrade your uwsgi packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlp/a8dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTfsw//ZgX2IMYXHH9vaw6xv6vk89J0w0Q0n460kxnnwKEr0J0eKMSwgbLFlu8F nrv25eE9YCPSI2thXnzNLL1wkV9pkcWS5w18RTxyIdnMPqa/b9wnsF4OOy/LsdY7 7cdWEyaDbpQtoCCvSO3hFp69RPshWgwfFspP3CBbv5yxkcYmeDPdNZrVYQrjAz5F /bsw5ylQChrc/HWzDRnnbxeEnxdOADewIwr4qQwV874oHDvppRWaLCz6fdYqrR9p NvY1BN7Kz3REv+z1giZtEIlHE640fLAwYd6UjJMqJMJzFjNwOCMTVhWlQb07Raj7 EAXKeqEDUYPhDeTxAbO3U7EtTKJT9WcSZdnZMokgax8ElB6uaDlSFmUo2HfxJl06 dPYZ4L/GZlPz/hZ8sy5NB5mRs8aS4ZA3982Z3iE4lOFA46UV87SdwSXahoacfmRh hWhACxE/NEnOcx1kwvXw2JNQgTQ93i0oIjhK0xLNz4jP5AV1lZdGDw6damid4Og9 K6EYE3++PrAkWTbTGoVXnEl/TUon5p+AhNBreuas0o1djlBVJGeJE3sxjvJ4kr/y 5zGP2sdJqe9JkVuQDDgGgZFByquxUA6r4HxhtKRBTVcrN6bTOnEKe1m2XRvXvo7E DhrWs5Slfc/5GfundSTkkb8A0Z/uCKTo19+d8T0hMZvlC9ouw0o= =g8YD -----END PGP SIGNATURE-----
