web2py vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Several security issues were fixed in web2py.
Software Description
It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321)
It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952)
It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS
python-gluon - 2.12.3-1ubuntu0.1
python-web2py - 2.12.3-1ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
Continue reading...
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Several security issues were fixed in web2py.
Software Description
- web2py - High-level Python web development framework
It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321)
It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952)
It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS
python-gluon - 2.12.3-1ubuntu0.1
python-web2py - 2.12.3-1ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
Continue reading...
