UbuntuUpdates.org

Package "libapache2-mod-proxy-uwsgi"

Name: libapache2-mod-proxy-uwsgi

Description:

uwsgi proxy module for Apache2 (mod_uwsgi)

Latest version: 1.9.17.1-5ubuntu0.1
Release: trusty (14.04)
Level: security
Repository: universe
Head package: uwsgi
Homepage: http://projects.unbit.it/uwsgi/

Links


Download "libapache2-mod-proxy-uwsgi"


Other versions of "libapache2-mod-proxy-uwsgi" in Trusty

Repository Area Version
base universe 1.9.17.1-5build5
updates universe 1.9.17.1-5ubuntu0.1

Changelog

Version: 1.9.17.1-5ubuntu0.1 2018-10-01 14:06:44 UTC

  uwsgi (1.9.17.1-5ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2018-7490.patch: enforce php default document_root
      behaviour, to not show external files
    - CVE-2018-7490
  * SECURITY UPDATE: Stack buffer overflow in uwsgi_expand_path()
    - debian/patches/CVE-2018-6758.patch: improve uwsgi_expand_path() to
      sanitize input, avoiding stack corruption and potential security issue
    - CVE-2018-6758

 -- Mike Salvatore <email address hidden> Thu, 27 Sep 2018 14:05:42 -0400

CVE-2018-7490 uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
CVE-2018-6758 The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.



About   -   Send Feedback to @ubuntu_updates