openSUSE Security

Download

security@lists.opensuse.org

July 2023

1 participants
1 discussions

Re: SUSE-SU-2023:2263-2: important: Security update for python-Flask
by Marcus Meissner 21 Jul '23

21 Jul '23

Hi, I unsubscribed you from the list On Thu, Jul 20, 2023 at 07:26:21PM +0200, a.scheepens wrote: > Go away. Stop spamming me!!!Verzonden vanaf mijn Galaxy > -------- Oorspronkelijk bericht --------Van: security(a)lists.opensuse.org Datum: 20-07-2023 17:36 (GMT+01:00) Aan: security-announce(a)lists.opensuse.org Onderwerp: SUSE-SU-2023:2263-2: important: Security update for python-Flask > > > > > Security update for python-Flask > > > > > Announcement ID: > SUSE-SU-2023:2263-2 > > > > Rating: > important > > > References: > > > > > #1211246 > > > > > > > > > Cross-References: > > > > > > CVE-2023-30861 > > > > > > > CVSS scores: > > > > > CVE-2023-30861 > > ( > > SUSE > > ): > > 7.5 > CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N > > > > CVE-2023-30861 > > ( > > NVD > > ): > > 7.5 > CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N > > > > > > > > Affected Products: > > > > openSUSE Leap 15.5 > > > > > > > > An update that solves one vulnerability can now be installed. > > Description: > This update for python-Flask fixes the following issues: > > CVE-2023-30861: Fixed a potential cookie confusion due to incorrect > caching (bsc#1211246). > > > > > Patch Instructions: > > To install this SUSE Important update use the SUSE recommended > installation methods like YaST online_update or "zypper patch". > > Alternatively you can run the command listed for your product: > > > > > openSUSE Leap 15.5 > > > > zypper in -t patch openSUSE-SLE-15.5-2023-2263=1 > > > > > > > > Package List: > > > > > openSUSE Leap 15.5 (noarch) > > > python3-Flask-1.0.4-150400.3.3.1 > > python3-Flask-doc-1.0.4-150400.3.3.1 > > > > > > > > > References: > > > > > https://www.suse.com/security/cve/CVE-2023-30861.html > > > > > > https://bugzilla.suse.com/show_bug.cgi?id=1211246 > > > > > > -- Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman, HRB 36809, AG Nuernberg

1 0