Explore top 10 tips to secure your open-source projects now. Read More
×Flask could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-8104-1 March 18, 2026 flask vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Flask could be made to expose sensitive information over the network. Software Description: - flask: Micro web framework based on Werkzeug and Jinja2 Details: Shourya Jaiswal discovered that Flask did not correctly mark certain web responses as user-specific. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-flask 3.0.2-1ubuntu1.1 Ubuntu 22.04 LTS python3-flask 2.0.1-2ubuntu1.2 Ubuntu 20.04 LTS python3-flask 1.1.1-2ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8104-1 CVE-2026-27205 Package Information: https://launchpad.net/ubuntu/+source/flask/3.0.2-1ubuntu1.1 https://launchpad.net/ubuntu/+source/flask/2.0.1-2ubuntu1.2 . Flask could expose sensitive data over the network; immediate updates are necessary for Ubuntu users across several versions.. Flask security, Ubuntu advisory, sensitive data exposure, network security threat. . LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # python311-Flask-3.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10264-1 Rating: moderate Cross-References: * CVE-2026-27205 CVSS scores: * CVE-2026-27205 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-27205 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python311-Flask-3.1.3-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python311-Flask 3.1.3-1.1 * python311-Flask-doc 3.1.3-1.1 * python312-Flask 3.1.3-1.1 * python312-Flask-doc 3.1.3-1.1 * python313-Flask 3.1.3-1.1 * python313-Flask-doc 3.1.3-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27205.html . Update for openSUSE Tumbleweed addresses moderate risk in Flask package CVE-2026-27205.. openSUSE Flask security moderate CVE-2026-27205. . LinuxSecurity.com Team
Update to 3.1.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-55e69c9cea 2025-09-09 01:28:38.281244+00:00 -------------------------------------------------------------------------------- Name : python-flask Product : Fedora 42 Version : 3.1.2 Release : 2.fc42 URL : https://flask.palletsprojects.com/en/stable/ Summary : A micro-framework for Python based on Werkzeug, Jinja 2 and good intentions Description : Flask is called a \u201cmicro-framework\u201d because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more. -------------------------------------------------------------------------------- Update Information: Update to 3.1.2 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 31 2025 Franti\u0161ek Zatloukal - 1:3.1.2-2 - Do some shuffling to work on f42 and epel10 * Sun Aug 31 2025 Franti\u0161ek Zatloukal - 1:3.1.2-1 - Update to 3.1.2 (RHBZ#2389601) * Fri Aug 15 2025 Python Maint - 1:3.1.1-4 - Rebuilt for Python 3.14.0rc2 bytecode * Fri Jul 25 2025 Fedora Release Engineering - 1:3.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jun 3 2025 Python Maint - 1:3.1.1-2 - Rebuilt for Python 3.14 * Tue May 20 2025 Karolina Surma - 1:3.1.1-1 - Update to 3.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366240 - CVE-2025-47278 python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366240 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-55e69c9cea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 42 has a major update for Python-Flask that fixes critical security vulnerabilities. Apply the update with `sudo dnf update python-flask` to safeguard your applications. Fedora Update, Python Flask, Security Fixes, Software Update. . LinuxSecurity.com Team
Update to flask-3.1.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-853e37285c 2025-05-30 01:14:13.237014+00:00 -------------------------------------------------------------------------------- Name : mingw-python-flask Product : Fedora 42 Version : 3.1.1 Release : 1.fc42 URL : https://palletsprojects.com/projects/itsdangerous/ Summary : MinGW Windows Python flask library Description : MinGW Windows Python flask. -------------------------------------------------------------------------------- Update Information: Update to flask-3.1.1. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2025 Sandro Mani - 3.1.1-1 - Update to 3.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366239 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to flask-3.1.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-853e37285c 2025-05-30 01:14:13.237014+00:00 -------------------------------------------------------------------------------- Name : mingw-python-flit-core Product : Fedora 42 Version : 3.12.0 Release : 1.fc42 URL : https://pypi.org/project/flit-core/ Summary : MinGW Python flit_core library Description : MinGW Python flit_core library. -------------------------------------------------------------------------------- Update Information: Update to flask-3.1.1. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 28 2025 Sandro Mani - 3.12.0-1 - Update to 3.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366239 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Flask could be made to sign sessions with stale keys.. ========================================================================== Ubuntu Security Notice USN-7534-1 May 26, 2025 flask vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 Summary: Flask could be made to sign sessions with stale keys. Software Description: - flask: Micro web framework based on Werkzeug and Jinja2 Details: It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 python3-flask 3.1.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7534-1 CVE-2025-47278 Package Information: https://launchpad.net/ubuntu/+source/flask/3.1.0-2ubuntu1.1 . Keep updated with Ubuntu Security Notice USN-7534-2 concerning Flask session signing using deprecated keys.. Flask Security, Ubuntu Security Notice, Session Signing, Key Rotation, Software Vulnerabilities. . LinuxSecurity.com Team
It was discovered that Flask, a lightweight WSGI web application framework, will under certain conditions cache a response containing data intended for one client and subsequently may send the response to other clients. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3536-1
It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution (bullseye), this problem has been fixed . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5442-1
Get the latest Linux and open source security news straight to your inbox.