Debian Security Advisory DSA-5442-1

It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution (bullseye), this problem has been fixed.
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.13.3 packages and security update
Advisory ID: RHSA-2023:3536-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3536
Issue date: 2023-06-13
CVE Names: CVE-2023-30861

1. Summary:

Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Ironic content for Red Hat OpenShift Container Platform 4.13 - noarch
Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.3. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3537

Security Fix(es):

* flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/updating_clusters/updating-cluster-cli

4. Solution:

For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes/ocp-4-13-release-notes

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:
Ironic content for Red Hat OpenShift Container Platform 4.13:

Source:
python-flask-2.0.1-4.el9.2.src.rpm

noarch:
python-flask-doc-2.0.1-4.el9.2.noarch.rpm
python3-flask-2.0.1-4.el9.2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes/ocp-4-13-release-notes

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
MGASA-2023-0193 - Updated python-flask packages fix security vulnerability

Publication date: 08 Jun 2023
URL: https://advisories.mageia.org/MGASA-2023-0193.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-30861

Client 'session' cookie sent to other clients (CVE-2023-30861)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31953
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014935.html
- https://www.cve.org/CVERecord?id=CVE-2023-30861

SRPMS:
- 8/core/python-flask-1.1.2-1.1.mga8
Red Hat Security Advisory

Synopsis: Important: python-flask security update
Advisory ID: RHSA-2023:3525-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3525
Issue date: 2023-06-07
CVE Names: CVE-2023-30861

1. Summary:

An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux 7 Extras - noarch

3. Description:

Flask is a lightweight but extensible web development framework for Python based on the Werkzeug WSGI toolkit and the Jinja 2 template engine.

Security Fix(es):

* flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat Enterprise Linux 7 Extras:

Source:
python-flask-0.10.1-7.el7_9.src.rpm

noarch:
python-flask-0.10.1-7.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenStack Platform 17.0 (python-flask) security update
Advisory ID: RHSA-2023:3440-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3440
Issue date: 2023-06-05
CVE Names: CVE-2023-30861

1. Summary:

An update for python-flask is now available for Red Hat OpenStack Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 17.0 - noarch

3. Description:

Flask is called a “micro-framework” because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However, Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more.

Security Fix(es):

* Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat OpenStack Platform 17.0:

Source:
python-flask-1.1.2-6.el9ost.src.rpm

noarch:
python3-flask-1.1.2-6.el9ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenStack Platform 16.2 (python-flask) security update
Advisory ID: RHSA-2023:3444-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3444
Issue date: 2023-06-05
CVE Names: CVE-2023-30861

1. Summary:

An update for python-flask is now available for Red Hat OpenStack Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Flask is called a “micro-framework” because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However, Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more.

Security Fix(es):

* Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:
python-flask-1.0.2-8.el8ost.src.rpm

noarch:
python3-flask-1.0.2-8.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenStack Platform 16.1 (python-flask) security update
Advisory ID: RHSA-2023:3446-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3446
Issue date: 2023-06-05
CVE Names: CVE-2023-30861

1. Summary:

An update for python-flask is now available for Red Hat OpenStack Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Flask is called a “micro-framework” because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However, Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more.

Security Fix(es):

* Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
python-flask-1.0.2-8.el8ost.src.rpm

noarch:
python3-flask-1.0.2-8.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
Debian Security Advisory DSA-5381-1

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

CVE-2022-42252