-------------------------------------------------------------------------
Debian LTS Advisory DLA-2362-1                       [email protected]
https://www.debian.org/lts/security/                        Utkarsh Gupta
September 03, 2020                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : uwsgi
Version        : 2.0.14+20161117-3+deb9u3
CVE ID         : CVE-2020-11984

Apache HTTP Server versions before 2.4.32 use src:uwsgi, where a flaw
was discovered. The uwsgi protocol does not let us serialize more than
16K of HTTP header, leading to resource exhaustion and denial of service.

For Debian 9 stretch, this problem has been fixed in version
2.0.14+20161117-3+deb9u3.

We recommend that you upgrade your uwsgi packages.

For the detailed security status of uwsgi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/uwsgi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
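An added example, not part of the advisory and not code from uwsgi or Apache: a sender-side check that refuses to serialize a header set larger than the limit described above instead of letting the size wrap. The packet layout (4-byte header with a 16-bit little-endian size, then length-prefixed key/value pairs) follows the uwsgi protocol; UWSGI_MAX_VARS, struct kv and uwsgi_pack are hypothetical names, and the cap assumes "16K" means 16384 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Cap from the advisory's "16K" figure, assumed here to mean 16 * 1024 bytes. */
#define UWSGI_MAX_VARS 16384u

struct kv { const char *key; const char *val; };

/* Append a string with a 16-bit little-endian length prefix; return new offset. */
static size_t put_str(uint8_t *out, size_t off, const char *s)
{
    size_t len = strlen(s);
    out[off++] = (uint8_t)(len & 0xff);
    out[off++] = (uint8_t)(len >> 8);
    memcpy(out + off, s, len);
    return off + len;
}

/* Serialize n pairs as one uwsgi packet in out[cap]. Returns the packet length,
 * or -1 when the variables exceed the cap or the buffer. Sizes are summed in
 * size_t and checked before being narrowed to the 16-bit datasize field, so an
 * oversized header set is rejected instead of wrapping around. */
long uwsgi_pack(uint8_t *out, size_t cap, const struct kv *vars, size_t n)
{
    size_t total = 0, off = 4, i;

    for (i = 0; i < n; i++) {
        size_t kl = strlen(vars[i].key), vl = strlen(vars[i].val);
        if (kl > UWSGI_MAX_VARS || vl > UWSGI_MAX_VARS)
            return -1;
        total += 4 + kl + vl;   /* two 2-byte length prefixes per pair */
        if (total > UWSGI_MAX_VARS)
            return -1;
    }
    if (cap < 4 + total)
        return -1;
    out[0] = 0;                          /* modifier1 */
    out[1] = (uint8_t)(total & 0xff);    /* datasize, low byte */
    out[2] = (uint8_t)(total >> 8);      /* datasize, high byte */
    out[3] = 0;                          /* modifier2 */
    for (i = 0; i < n; i++) {
        off = put_str(out, off, vars[i].key);
        off = put_str(out, off, vars[i].val);
    }
    return (long)off;
}
```

A caller that gets -1 should fail the request with an error response and not forward a truncated or partial header set.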
