USN-3463-1: Werkzeug vulnerability
USN-3463-1: Werkzeug vulnerability Ubuntu Security Notice USN-3463-1 25th October, 2017 python-werkzeug vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Werkzeug could be made to run arbitrary code if it opened a specially crafted file. Software description python-werkzeug – collection of utilities for WSGI applications Details It was discovered that Werkzeug did not properly handle certainweb scripts. A remote attacker could use this to inject arbitrarycode via a field that contains an exception message. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: python3-werkzeug 0.10.4+dfsg1-1ubuntu1.1 python-werkzeug 0.10.4+dfsg1-1ubuntu1.1 Ubuntu 14.04 LTS: python3-werkzeug 0.9.4+dfsg-1.1ubuntu2.1 python-werkzeug 0.9.4+dfsg-1.1ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-10516 Source: USN-3463-1: Werkzeug [ more… ]
