2019-09-01
ALT-BU-2019-3911-1
Branch p9 update bulletin.
Closed bugs
Fix dependencies
Package packagekit updated to version 1.1.12-alt8 for branch p9 in task 236906.
Closed bugs
System update algorithms differ from those of apt-get (disttag)
Closed bugs
avrdude: can't open config file "/etc/avrdude/avrdude.conf": No such file or directory
Package python-module-werkzeug updated to version 0.15.5-alt1 for branch p9 in task 236927.
Closed vulnerabilities
Published: 2019-05-14
BDU:2020-01804
Vulnerability in the generate function (src/werkzeug/debug/__init__.py) of the Werkzeug web application library that allows an attacker to gain unauthorized access to confidential data
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: 2019-08-09
Modified: 2024-11-21
CVE-2019-14806
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- openSUSE-SU-2019:2118
- openSUSE-SU-2019:2145
- https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
- https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
- https://palletsprojects.com/blog/werkzeug-0-15-3-released/