[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2754-1] pywps security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2754-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
September 04, 2021                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pywps
Version        : 4.0.0-3+deb9u1
CVE ID         : CVE-2021-39371

An XML external entity (XXE) injection in pywps allows an attacker to 
view files on the application server filesystem by assigning a path 
to the entity. 

For Debian 9 stretch, this problem has been fixed in version
4.0.0-3+deb9u1.

We recommend that you upgrade your pywps packages.

For the detailed security status of pywps please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pywps

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmEzVWIACgkQhj1N8u2c
KO8l3A//aBYTDFgaNsPgCMUn+ipVY1/KOELbEpMOnXaww9fIwTNxBVPwrCQO7uej
yEdstbMGrZ23pB+2IxO+6ma/1Z+y5XWUHgtnOLE6Qfcafo+22O/8WRYeJgf1a7id
veKRQCspXVclFKnfkiPQb/Yr3BLE8m9OrAozRG7LUICE9ILKVpd5JQ8Qiexrhwp4
djWjPSdvDJWmRR4m30t8F4Y/gQK3DpNJrTZfWT5YPo6375JVDi+8FTfMyWWCHrMq
2tSDPyuA5ArZpsPCjRc2gfDy/OAjUpGoXMIqUbR/8lHZbO1Jqle+nb+Bj2kwBbR7
456dQQb03tvX+jhthyb6eXwvnngC0WhgpVqJ/QY+T5czZHLXDxxraCvzI80k+6w+
RGQ0uyO/b5UIwK70dfXNXAXio1dlw0o0IDqqY/AprqEbkMVBky0wKyiooeF56KsX
Xf+zSyS+eikn0PloaV0RaEntjYeyWMyHPZbvRvdygYsy0NbANoxxHHCShGYBg6mV
uAag4lhZ9qxzMrIIHtaR7ayVXqq7Sd7BHOvs2cAeJJWaLCzbAVIRL6v4EDxqMk+c
osNW/OhIgApcCIFg87CVPBhn7GwS1EcB+i8r3qiAhOFXW4MyLj55bf425BnJwVyo
MvE4OLLOq1WHy1gix4gKfLUIG3zU5kdYLL2FX+mUa2OuFUGLrsM=
=TdJO
-----END PGP SIGNATURE-----


Reply to: