==========================================================================
Ubuntu Security Notice USN-4378-1
June 01, 2020
flask vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Flask could be made to consume a large amount of memory if it
received a specially crafted input.
Software Description:
- flask: Micro web framework based on Werkzeug and Jinja2
Details:
It was discovered that Flask incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
python-flask 0.12.2-3ubuntu0.1
python3-flask 0.12.2-3ubuntu0.1
Ubuntu 16.04 LTS:
python-flask 0.10.1-2ubuntu0.1
python3-flask 0.10.1-2ubuntu0.1
Ubuntu 14.04 ESM:
python-flask 0.10.1-2ubuntu0.1~esm1
python3-flask 0.10.1-2ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
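To confirm that a host is at or above the fixed versions listed above, the following added example (not part of the original notice or of Ubuntu's tooling) compares an installed version string with the per-release fixed version using Debian version ordering, including the `~` rule that applies to the `~esm1` build. The function names are hypothetical and the version in the demo line is a constructed sample; on a live system `dpkg --compare-versions` is the authoritative comparison.

```python
# Fixed versions per Ubuntu release, copied from USN-4378-1.
FIXED = {
    "18.04": "0.12.2-3ubuntu0.1",
    "16.04": "0.10.1-2ubuntu0.1",
    "14.04": "0.10.1-2ubuntu0.1~esm1",
}

def _order(c):
    # dpkg ordering: '~' < end of string < letters < all other characters
    if c == "~" or c == "":
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _nondigit(s, i):
    # Character at position i if it is a non-digit, else "" (digit or end)
    return s[i] if i < len(s) and not s[i].isdigit() else ""

def _digits(s, i):
    # Numeric value of the digit run starting at i, and the index after it
    j = i
    while j < len(s) and s[j].isdigit():
        j += 1
    return int(s[i:j] or 0), j

def _cmp_part(a, b):
    # Alternate between non-digit runs (character order) and digit runs (numeric)
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):
            oa, ob = _order(_nondigit(a, i)), _order(_nondigit(b, j))
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        (na, i), (nb, j) = _digits(a, i), _digits(b, j)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 by Debian ordering: epoch, then upstream, then revision."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(release, installed):
    # True if the installed python-flask/python3-flask version predates the fix
    return deb_compare(installed, FIXED[release]) < 0

if __name__ == "__main__":  # constructed sample: a version below the 18.04 fix
    print(needs_update("18.04", "0.12.2-3"))
```

Because `~` sorts before the end of the string, `0.10.1-2ubuntu0.1~esm1` is lower than `0.10.1-2ubuntu0.1`, so a plain string comparison would misjudge the 14.04 ESM package.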
References:
https://usn.ubuntu.com/4378-1
CVE-2018-1000656
Package Information:
https://launchpad.net/ubuntu/+source/flask/0.12.2-3ubuntu0.1
https://launchpad.net/ubuntu/+source/flask/0.10.1-2ubuntu0.1