
Debian 11: DLA-4062-1 Critical: python-werkzeug Remote Code Execution

Debian LTS
February 21, 2025
The recent Debian LTS Advisory DLA-4063-1 addresses a vulnerability in python-backports with essential security patches to ensure system integrity.
It was discovered that there was a potential remote code execution vulnerability in python-werkzeug, a library used to create WSGI-based web applications in Python.

Summary

This attack required the attacker to manipulate a developer into
interacting with a domain & subdomain they control as well as enter
the debugger PIN. But if successful, it would have allowed full
access to the debugger, even if the server was only running on
localhost.

For Debian 11 bullseye, this problem has been fixed in version
1.0.1+dfsg1-2+deb11u2.

We recommend that you upgrade your python-werkzeug packages.

For the detailed security status of python-werkzeug please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/python-werkzeug

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical

Package: python-werkzeug
Version: 1.0.1+dfsg1-2+deb11u2
CVE ID: CVE-2024-34069
Debian Bug: 1070711
