Alerts This Week
Warning Icon 1 1,123
Alerts This Week
Warning Icon 1 1,123

Fedora 40: FEDORA-2024-5abfdba2b7 critical: DoS in mingw-python-waitress

fedora
Calendar Grey November 28, 2024
Dist Fedora Esm H88
Fedora 40 addresses an important update for mingw-python-waitress to resolve significant CPU resource depletion problems stemming from backported changes.
Backport fixes for CVE-2024-49768 and CVE-2024-49769.

Summary

MinGW Windows Python waitress library.

Update Information:

Backport fixes for CVE-2024-49768 and CVE-2024-49769.

Topics%20covered

Topics Covered

security advisory update Fedora DoS performance issue request processing mingw-python-waitress

Change Log

* Tue Nov 19 2024 Sandro Mani - 2.1.2-7 - Backport fixes for CVE-2024-49768 and CVE-2024-49769

References


[ 1 ] Bug #2322474 - CVE-2024-49769 mingw-python-waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2322474 [ 2 ] Bug #2322492 - CVE-2024-49768 mingw-python-waitress: request processing race condition in HTTP pipelining with invalid first request [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2322492

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5abfdba2b7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mingw-python-waitress
Product: Fedora 40
Version: 2.1.2
Release: 7.fc40
URL: https://github.com/Pylons/waitress
Summary: MinGW Windows Python waitress library

Topics%20covered

Topics Covered

security advisory update Fedora DoS performance issue request processing mingw-python-waitress

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here