Ubuntu alert USN-3463-1 (python-werkzeug)

« on: October 26, 2017, 11:58:58 PM »
 

Moltke

Hi everyone! Hope you're all having a nice life! :)
I just found this while I was checking this site, which I visit regularly, and was wondering whether this Ubuntu Alert USN-3463-1 Werkzeug vulnerability is something we should worry about and, if so, has it been taken care of already?

The security bulletin says:
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
 python-werkzeug          0.10.4+dfsg1-1ubuntu1.1
 python3-werkzeug         0.10.4+dfsg1-1ubuntu1.1

Ubuntu 14.04 LTS:
 python-werkzeug          0.9.4+dfsg-1.1ubuntu2.1
 python3-werkzeug         0.9.4+dfsg-1.1ubuntu2.1


Should we follow instructions as detailed on the bulletin and install the suggested package or are we having a LL update to resolve that?
Thanks in advance for your answers! :)
Last Edit: October 27, 2017, 10:27:25 PM by Moltke
Without each others help there ain't no hope for us :)
Need a translation service? https://www.deepl.com/es/translator
 


Re: Ubuntu alert USN-3463-1 (python-werkzeug)
« Reply #1 on: October 27, 2017, 03:08:21 AM »
 

Jerry

If you look at our package list on our Distrowatch page, you'll see what packages we ship by default.


 

Re: Ubuntu alert USN-3463-1 (python-werkzeug)
« Reply #2 on: October 27, 2017, 05:46:59 AM »
 

Moltke

Hi @Jerry.
The bulletin is dated October 25, 2017.

 

Re: Ubuntu alert USN-3463-1 (python-werkzeug)
« Reply #3 on: October 27, 2017, 07:19:19 AM »
 

Jerry

I did see that.

What I'm trying to get folks to do with regard to packages is check the most current list here - https://distrowatch.com/table.php?distribution=lite&pkglist=true&version=3.6#pkglist

and see if that particular package is included by us in the ISO.

Therefore, if the package doesn't exist, there is no action to take. If the package does exist, I will give simple instructions on what to do.

Folks also need to be aware these kinds of advisories appear all the time, so there can be an over-reporting of these. It's best to stick to the most important, e.g. the Heartbleed bug for OpenSSL is a good example of what to report.

Cheers :)
 

Re: Ubuntu alert USN-3463-1 (python-werkzeug)
« Reply #4 on: October 27, 2017, 05:36:42 PM »
 

Moltke

Quote
I did see that.

What I'm trying to get folks to do with regard to packages is check the most current list here - https://distrowatch.com/table.php?distribution=lite&pkglist=true&version=3.6#pkglist

and see if that particular package is included by us in the ISO.

Therefore, if the package doesn't exist, there is no action to take. If the package does exist, I will give simple instructions on what to do.

Hi @Jerry
Thanks for clarifying. I just checked the distrowatch list you shared and the mentioned package isn't on it.

Quote
be aware these kinds of advisories appear all the time...It's best to stick to the most important, e.g. the Heartbleed bug for OpenSSL is a good example of what to report.
Cheers :)

Thanks for this helpful tip and the good advice too.
Cheers! :)
 

Re: Ubuntu alert USN-3463-1 (python-werkzeug)
« Reply #5 on: October 27, 2017, 09:42:10 PM »
 

Jerry

No problem :)
 

