+- Linux Lite Forums (https://www.freecinema2022.gq/forums)
+-- Forum: General (https://www.freecinema2022.gq/forums/forumdisplay.php?fid=4)
+--- Forum: Security & Bug Fixes (https://www.freecinema2022.gq/forums/forumdisplay.php?fid=16)
+--- Thread: Ubuntu alert USN-3463-1 (python-werkzeug) (/showthread.php?tid=4580)
Ubuntu alert USN-3463-1 (python-werkzeug) - Moltke - 10-27-2017
Hi everyone! Hope you're all having a nice life!
I just found this while I was checking this site which I use to visit regularly and was wondering whether if this Ubuntu Alert USN-3463-1 Werkzeug vulnerability is something we should worry about and if so, has it been taken care of already?.
The security bulletin says:
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message.
Update instructions: The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
python-werkzeug 0.10.4+dfsg1-1ubuntu1.1
python3-werkzeug 0.10.4+dfsg1-1ubuntu1.1
Ubuntu 14.04 LTS:
python-werkzeug 0.9.4+dfsg-1.1ubuntu2.1
python3-werkzeug 0.9.4+dfsg-1.1ubuntu2.1
Should we follow instructions as detailed on the bulletin and install the suggested package or are we having a LL update to resolve that?
Thanks in advance for your answers!
Re: Ubuntu alert USN-3463-1 (python-werkzeug) - Valtam - 10-27-2017
If you look at our package list on our Distrowatch page, you'll see what packages we ship by default.
Sent from my Mobile phone using Tapatalk
Re: Ubuntu alert USN-3463-1 (python-werkzeug) - Moltke - 10-27-2017
Hi [member=2]Jerry[/member].
The bulletin is dated on October 25, 2017.
![[Image: oiVokf9.png]](https://i.imgur.com/oiVokf9.png)
Re: Ubuntu alert USN-3463-1 (python-werkzeug) - Valtam - 10-27-2017
I did see that.
What I'm trying to get folks to do with regards to packages, is check the most current list here - https://distrowatch.com/table.php?distribution=lite&pkglist=true&version=3.6#pkglist
and see if that particular package is included by us in the ISO.
Therefore, if the package doesn't exist, there is no action to take. If the package does exist, I will give simple instructions on what to do.
Folks also need to be aware these kind of advisories appear all the time, so there can be an over-reporting of these. It's best to stick to the most important eg. the Heartbleed bug for OpenSSL is a good example of what to report.
Cheers
Re: Ubuntu alert USN-3463-1 (python-werkzeug) - Moltke - 10-27-2017
(10-27-2017, 11:19 AM)Jerry link Wrote: I did see that.
What I'm trying to get folks to do with regards to packages, is check the most current list here - https://distrowatch.com/table.php?distribution=lite&pkglist=true&version=3.6#pkglist
and see if that particular package is included by us in the ISO.
Therefore, if the package doesn't exist, there is no action to take. If the package does exist, I will give simple instructions on what to do.
Hi [member=2]Jerry[/member]
Thanks for the clarifying. I just checked the distrowatch list you shared and the mentioned package isn't on it.
Quote:be aware these kind of advisories appear all the time...It's best to stick to the most important eg. the Heartbleed bug for OpenSSL is a good example of what to report.
Cheers
Thanks for this helpful tip and the good advice too.
Cheers!
Re: Ubuntu alert USN-3463-1 (python-werkzeug) - Valtam - 10-28-2017
No problem