-------------------------------------------------------------------------
Debian LTS Advisory DLA-2768-1                            [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
September 29, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : uwsgi
Version        : 2.0.14+20161117-3+deb9u4
CVE ID         : CVE-2021-36160

It was discovered that the uwsgi proxy module for Apache2
(mod_proxy_uwsgi) can read above the allocated memory when processing
a request with a carefully crafted uri-path. An attacker may cause the
server to crash (DoS).

For Debian 9 stretch, this problem has been fixed in version
2.0.14+20161117-3+deb9u4.

We recommend that you upgrade your uwsgi packages.

For the detailed security status of uwsgi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/uwsgi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
