==========================================================================
Ubuntu Security Notice USN-5948-1
March 13, 2023

python-werkzeug vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Werkzeug.

Software Description:
- python-werkzeug: documentation for the werkzeug Python library (docs)

Details:

It was discovered that Werkzeug did not properly handle the parsing of
nameless cookies. A remote attacker could possibly use this issue to
shadow other cookies. (CVE-2023-23934)

It was discovered that Werkzeug could be made to process an unlimited
number of multipart form data parts. A remote attacker could possibly use
this issue to cause Werkzeug to consume resources, leading to a denial of
service. (CVE-2023-25577)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  python3-werkzeug                2.0.2+dfsg1-3ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  python3-werkzeug                2.0.2+dfsg1-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  python3-werkzeug                0.16.1+dfsg1-2ubuntu0.1

Ubuntu 18.04 LTS:
  python-werkzeug                 0.14.1+dfsg1-1ubuntu0.2
  python3-werkzeug                0.14.1+dfsg1-1ubuntu0.2

Ubuntu 16.04 ESM:
  python-werkzeug                 0.10.4+dfsg1-1ubuntu1.2+esm1
  python3-werkzeug                0.10.4+dfsg1-1ubuntu1.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5948-1
  CVE-2023-23934, CVE-2023-25577

Package Information:
  https://launchpad.net/ubuntu/+source/python-werkzeug/2.0.2+dfsg1-3ubuntu0.22.10.1
  https://launchpad.net/ubuntu/+source/python-werkzeug/2.0.2+dfsg1-1ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/python-werkzeug/0.16.1+dfsg1-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/python-werkzeug/0.14.1+dfsg1-1ubuntu0.2