Ubuntu alert USN-6984-1 (python-webob)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6984-1] WebOb vulnerability | |
| Date: | Mon, 02 Sep 2024 13:17:05 -0300 | |
| Message-ID: | <20240902161705.GA3142176@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-6984-1 September 02, 2024 python-webob vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: WebOb could be made to redirect of forward to undesired URLs. Software Description: - python-webob: Python module providing WSGI request and response objects Details: It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward to another URL. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-webob 1:1.8.7-1ubuntu0.1.24.04.1 Ubuntu 22.04 LTS python3-webob 1:1.8.6-1.1ubuntu0.1 Ubuntu 20.04 LTS python3-webob 1:1.8.5-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6984-1 CVE-2024-42353 Package Information: https://launchpad.net/ubuntu/+source/python-webob/1:1.8.7... https://launchpad.net/ubuntu/+source/python-webob/1:1.8.6... https://launchpad.net/ubuntu/+source/python-webob/1:1.8.5...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmbV5P0ACgkQRbznW4QL H2lDUA/9GixsDQ9zOHDrB9/HRq1RIHqwg6KeojHOfFbrCJjSRYGdY1wxpsULm/Ic MO+BZ9X++5EiVvo3n616IIbfVrW7xXX3Wl+LH/mspusPc1Dq44nZC7jhFMmCU7Id 8hxoeyD13+qFpdXc61Vh+mrY4dUfXIw1YHI8Fh9Sa8iqVCegGXbEqGv+RG7ASDTc 6O0f66Q8YZ8QYvRlUJcUZnEae9NWfnyFOV4XV348TCkkmtHoHqoG6+dDWpEHKhtr viIsWBrtGqHi2X6aiBWhN41O4XMdwfbom2iiQ4bhp8+g+nIzQRs+gbsi4Qg6oB+N Fd0qDd27+aDAkQJDS+IuTh1EOBT+aZPKZANw3zF0m0gUqA+x6snRMeOVGK2H66yf A4Vd/V7YlTCqetTV0MQsV+d3qM4i1RcRutgvO/tzmND0Qb55JgQnd0miRjmzDzIQ AhWjag4fQOP/MsbAaY5BWWesa/0USk46ZWbYO1aJHeJ2l58C58nG/CxRgcGQHj4D iH0/4O8Do5mOmJjerJVXXld5iG+OB5B0zXtiTz+G5ltR/11CakjL9iJlLjnBKmeG Tq9zxQ6ulG6uO1DwWYB1rfr04OlaLBp14HeO8B6rxaByZvP78yCsDIxXdEjM7KZS it1JQ2RdF0pvjY3bm/Y7qWYcTI9KS0spyUx20nvNFyRJV96B1f4= =dLz0 -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)