UbuntuUpdates.org

Package "erlang-yaws"

Name: erlang-yaws

Description: Erlang application which implements an HTTP web server

Latest version: 2.0.4+dfsg-2ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: yaws
Homepage: http://yaws.hyber.org/

Other versions of "erlang-yaws" in Bionic

Repository  Area      Version
base        universe  2.0.4+dfsg-2
updates     universe  2.0.4+dfsg-2ubuntu0.1

Changelog

Version: 2.0.4+dfsg-2ubuntu0.1 2020-10-05 14:06:17 UTC

  yaws (2.0.4+dfsg-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XXE injection
    - debian/patches/CVE-2020-24379.patch: Reject external entities in DAV
      requests
    - CVE-2020-24379
  * SECURITY UPDATE: OS command injection
    - debian/patches/CVE-2020-24916.patch: Sanitize CGI requests
    - CVE-2020-24916

 -- Mike Salvatore <email address hidden> Thu, 01 Oct 2020 08:49:36 -0400

CVE-2020-24379 WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
CVE-2020-24916 CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.


