[SECURITY] [DLA 1275-1] uwsgi security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1275-1] uwsgi security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 10 Feb 2018 23:01:44 +0100
Message-id: <[🔎] da572c07-1a2b-4624-412d-ed474731d2f2@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : uwsgi
Version        : 1.2.3+dfsg-5+deb7u2
CVE ID         : CVE-2018-6758
Debian Bug     : 889753

It was discovered that the uwsgi_expand_path function in utils.c in
Unbit uWSGI, an application container server, has a stack-based buffer
overflow via a large directory length that can cause a
denial-of-service (application crash) or stack corruption.

For Debian 7 "Wheezy", these problems have been fixed in version
1.2.3+dfsg-5+deb7u2.

We recommend that you upgrade your uwsgi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlp/a8dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTfsw//ZgX2IMYXHH9vaw6xv6vk89J0w0Q0n460kxnnwKEr0J0eKMSwgbLFlu8F
nrv25eE9YCPSI2thXnzNLL1wkV9pkcWS5w18RTxyIdnMPqa/b9wnsF4OOy/LsdY7
7cdWEyaDbpQtoCCvSO3hFp69RPshWgwfFspP3CBbv5yxkcYmeDPdNZrVYQrjAz5F
/bsw5ylQChrc/HWzDRnnbxeEnxdOADewIwr4qQwV874oHDvppRWaLCz6fdYqrR9p
NvY1BN7Kz3REv+z1giZtEIlHE640fLAwYd6UjJMqJMJzFjNwOCMTVhWlQb07Raj7
EAXKeqEDUYPhDeTxAbO3U7EtTKJT9WcSZdnZMokgax8ElB6uaDlSFmUo2HfxJl06
dPYZ4L/GZlPz/hZ8sy5NB5mRs8aS4ZA3982Z3iE4lOFA46UV87SdwSXahoacfmRh
hWhACxE/NEnOcx1kwvXw2JNQgTQ93i0oIjhK0xLNz4jP5AV1lZdGDw6damid4Og9
K6EYE3++PrAkWTbTGoVXnEl/TUon5p+AhNBreuas0o1djlBVJGeJE3sxjvJ4kr/y
5zGP2sdJqe9JkVuQDDgGgZFByquxUA6r4HxhtKRBTVcrN6bTOnEKe1m2XRvXvo7E
DhrWs5Slfc/5GfundSTkkb8A0Z/uCKTo19+d8T0hMZvlC9ouw0o=
=g8YD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1274-1] exim4 security update
Next by Date: [SECURITY] [DLA 1276-1] tomcat-native security update
Previous by thread: [SECURITY] [DLA 1274-1] exim4 security update
Next by thread: [SECURITY] [DLA 1276-1] tomcat-native security update
Index(es):
- Date
- Thread