========================================================================== Ubuntu Security Notice USN-3463-1 October 25, 2017
python-werkzeug vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Werkzeug could be made to run arbitrary code if it opened a specially crafted file. Software Description: - python-werkzeug: collection of utilities for WSGI applications Details: It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: python-werkzeug 0.10.4+dfsg1-1ubuntu1.1 python3-werkzeug 0.10.4+dfsg1-1ubuntu1.1 Ubuntu 14.04 LTS: python-werkzeug 0.9.4+dfsg-1.1ubuntu2.1 python3-werkzeug 0.9.4+dfsg-1.1ubuntu2.1 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3463-1 CVE-2016-10516 Package Information: https://launchpad.net/ubuntu/+source/python-werkzeug/0.10.4+dfsg1-1ub untu1.1 https://launchpad.net/ubuntu/+source/python-werkzeug/0.9.4+dfsg-1.1ub untu2.1
signature.asc
Description: This is a digitally signed message part
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce