You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa flask

Sigurnosni nedostatak programskog paketa flask

==========================================================================
Ubuntu Security Notice USN-4378-1
June 01, 2020

flask vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM

Summary:

Flask could be made to consume a large amount of memory if it
received a specially crafted input.

Software Description:
– flask: Micro web framework based on Werkzeug and Jinja2

Details:

It was discovered that Flask incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
python-flask 0.12.2-3ubuntu0.1
python3-flask 0.12.2-3ubuntu0.1

Ubuntu 16.04 LTS:
python-flask 0.10.1-2ubuntu0.1
python3-flask 0.10.1-2ubuntu0.1

Ubuntu 14.04 ESM:
python-flask 0.10.1-2ubuntu0.1~esm1
python3-flask 0.10.1-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4378-1
CVE-2018-1000656

Package Information:
https://launchpad.net/ubuntu/+source/flask/0.12.2-3ubuntu0.1
https://launchpad.net/ubuntu/+source/flask/0.10.1-2ubuntu0.1
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7VJy8ACgkQRbznW4QL
H2lAcQ//cTm8dIoCQeditd1klDBh7nYl4H9Y2AHTkYq1fI4zzvovHVEX3wvlrVp1
nZi+BhPeG7FOELtzmz+tUaSf2QnN+eyAdJMknidQfNByeQi59z1aPYKCF87Wldip
ve8GBbkRza8OlhM/gKkmM6an7rYbjLI0pToYfQPD0RUhXySc8r1B5FLpnB63DKGp
CQ4Cd4uUMHHD+yLfuLkmCFZZVExhP8RMpheakx8ftc6kOqMcHKRL3s8/GB4sO+LK
FctlGmCVPu4ti8KEckfd5gs1O4fXBy/5wSzm8q9U0boYXUOZHm/I0hWEPNJYecv0
PgpE0sqTokLGVvcCJ1ikXgUTiH1z86HRhZGXot5g20uNnlju1mENrNt4xGXy65He
cBxCliHGvjb0fS6v4PBw+Au/79SSYAby5WJpjYTMguYUIZmsdVVPbFztvXqKHEic
pITPPiX4bwHVwQNVOkpiLnqyAjG1yi54LmLwSztmQa4yWPxTdaoKgsT8Nirw8Kbs
NZ9jPVy8NSw1cMlKF0SRC4SGG4u3PoRC++h8fndi/HH5cKgSxzy8LIkr9n27yrFs
vdohNhnyFn3+VuP4tPrVY2w9CCS4rHnKH3AYlKT2hB7y3yG0YWuWLeaIGIX5R+58
qKKUCoF57PJbDoQe/gOKybmerjKfGQycwaw4DY0afTFWrYgNQMY=
=ZotM
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Spring Boot

Otkriveni su sigurnosni nedostaci u programskom paketu Spring Boot za operacijski sustav Red Hat. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje...

Close