UbuntuUpdates.org

Package "uwsgi"

Name: uwsgi

Description: fast, self-healing application container server

Latest version: 2.0.12-5ubuntu3.2
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://projects.unbit.it/uwsgi/

Other versions of "uwsgi" in Xenial

Repository  Area      Version
base        universe  2.0.12-5ubuntu3
security    universe  2.0.12-5ubuntu3.2

Changelog

Version: 2.0.12-5ubuntu3.2 2018-10-01 14:06:53 UTC

  uwsgi (2.0.12-5ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-7490.patch: enforce php default document_root
      behaviour, to not show external files
    - CVE-2018-7490
  * SECURITY UPDATE: Stack buffer overflow in uwsgi_expand_path()
    - debian/patches/CVE-2018-6758.patch: improve uwsgi_expand_path() to
      sanitize input, avoiding stack corruption and potential security issue
    - CVE-2018-6758

 -- Mike Salvatore <email address hidden> Thu, 27 Sep 2018 13:52:41 -0400

CVE-2018-7490 uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
CVE-2018-6758 The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

Version: 2.0.12-5ubuntu3.1 2017-09-13 02:06:52 UTC

  uwsgi (2.0.12-5ubuntu3.1) xenial; urgency=medium

  * Re-add patch cherry-picked upstream to fix apache 2.4 integration
    with unix domain sockets (accidentally dropped in 2.0.12-1).
    LP: #1501854

 -- Stefano Rivera <email address hidden> Tue, 29 Aug 2017 13:02:59 -0700



