==========================================================================
Ubuntu Security Notice USN-4655-1
December 01, 2020
python-werkzeug vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Werkzeug.
Software Description:
- python-werkzeug: collection of utilities for WSGI applications (Python 2.x)
Details:
It was discovered that Werkzeug has insufficient debugger PIN randomness.
An attacker could use this issue to access sensitive information. This issue only
affected Ubuntu 18.04 LTS. (CVE-2019-14806)
It was discovered that Werkzeug incorrectly handled certain URLs.
An attacker could possibly use this issue to carry out phishing attacks.
This issue only affected Ubuntu 16.04 LTS. (CVE-2020-28724)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
python-werkzeug 0.14.1+dfsg1-1ubuntu0.1
python3-werkzeug 0.14.1+dfsg1-1ubuntu0.1
Ubuntu 16.04 LTS:
python-werkzeug 0.10.4+dfsg1-1ubuntu1.2
python3-werkzeug 0.10.4+dfsg1-1ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4655-1
CVE-2019-14806, CVE-2020-28724
Package Information:
https://launchpad.net/ubuntu/+source/python-werkzeug/0.14.1+dfsg1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-werkzeug/0.10.4+dfsg1-1ubuntu1.2