Stay Secure with the Latest Linux Advisories

security advisorydenial of servicesecurity issue

Ubuntu 23.04 USN-5948-2: Python-Werkzeug Denial of Service Threat

Several security issues were fixed in Werkzeug.. =========================================================================Ubuntu Security Notice USN-5948-2 June 20, 2023 python-werkzeug vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 Summary: Several security issues were fixed in Werkzeug. Software Description: - python-werkzeug: collection of utilities for WSGI applications Details: USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934) It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-werkzeug 2.2.2-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: CVE-2023-23934, CVE-2023-25577 Package Information: https://launchpad.net/ubuntu/+source/python-werkzeug/2.2.2-2ubuntu0.1 . Numerous vulnerabilities fixed in python-werkzeug for Ubuntu 23.04. Ensure your system is updated to maintain security.. python-werkzeug,Ubuntu Security Notice,security issues. . Severity: Critical. LinuxSecurity.com Team

Jun 20, 2023 •Critical Ubuntu