python-flask-0.10.1-5.el7

Errata ID: AXSA:2020-4499:01

Release date: 
Tuesday, March 17, 2020 - 20:44
Subject: 
python-flask-0.10.1-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

Flask is a lightweight but extensible web development framework for Python based on the Werkzeug WSGI toolkit and the Jinja 2 template engine.

Security Fix(es):

* python-flask: Denial of Service via crafted JSON file (CVE-2018-1000656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1000656
The Pallets Project Flask before version 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python-flask-0.10.1-5.el7.src.rpm
    MD5: ec6f1fa2c0f6267c2285a49d23fa9dd6
    SHA-256: 12c83f2358a8d48f6c4b9df0aad94dd0840cb7e6e621e45ba0999f3769f1f965
    Size: 541.23 kB

Asianux Server 7 for x86_64
  1. python-flask-0.10.1-5.el7.noarch.rpm
    MD5: a82f8a4a47e1ede86039806ad57c899b
    SHA-256: 32fe820419e87f3b55006e98fa2e3dfd7643bb4a4c9fa67140f14efdea5ff325
    Size: 203.82 kB