SUSE-SU-2024:1624-2

Опубликовано: 18 июн. 2024

Источник: suse-cvrf

Описание

Security update for python-Werkzeug

This update for python-Werkzeug fixes the following issues:

CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979).

Список пакетов

Container suse/manager/5.0/x86_64/server:latest

python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3

python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

python3-Werkzeug-1.0.1-150300.3.8.1

Image server-image

python3-Werkzeug-1.0.1-150300.3.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

python3-Werkzeug-1.0.1-150300.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP6

python2-Werkzeug-1.0.1-150300.3.8.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241624-2/
Link for SUSE-SU-2024:1624-2
https://lists.suse.com/pipermail/sle-updates/2024-June/035645.html
E-Mail link for SUSE-SU-2024:1624-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223979
SUSE Bug 1223979
https://www.suse.com/security/cve/CVE-2024-34069/
SUSE CVE CVE-2024-34069 page

Описание

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Затронутые продукты

Container suse/manager/5.0/x86_64/server:latest:python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-Azure-llc:python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd:python3-Werkzeug-1.0.1-150300.3.8.1

Image SLES15-SP4-Manager-Server-4-3-EC2-llc:python3-Werkzeug-1.0.1-150300.3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-34069.html
CVE-2024-34069
https://bugzilla.suse.com/1223979
SUSE Bug 1223979

SUSE-SU-2024:1624-2

Описание

Список пакетов

Container suse/manager/5.0/x86_64/server:latest

Image SLES15-SP4-Manager-Server-4-3

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

Image SLES15-SP4-Manager-Server-4-3-EC2-llc

Image SLES15-SP4-Manager-Server-4-3-EC2-ltd

Image server-image

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Package Hub 15 SP6

Ссылки

Уязвимость: CVE-2024-34069

Описание

Затронутые продукты

Ссылки