USN-5948-2: Werkzeug vulnerabilities

Read Time:27 Second

USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the
corresponding updates for Ubuntu 23.04.

Original advisory details:

It was discovered that Werkzeug did not properly handle the parsing of
nameless cookies. A remote attacker could possibly use this issue to
shadow other cookies. (CVE-2023-23934)

It was discovered that Werkzeug could be made to process unlimited number
of multipart form data parts. A remote attacker could possibly use this
issue to cause Werkzeug to consume resources, leading to a denial of
service. (CVE-2023-25577)

Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit

Precision-Validated Phishing Elevates Credential Theft Risks

Ransomware Attacks Hit All-Time High as Payoffs Dwindle

How to Leak to a Journalist

Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats

Microsoft Fixes Over 130 CVEs in April Patch Tuesday

NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora

Patch Tuesday, April 2025 Edition

USN-5948-2: Werkzeug vulnerabilities

USN-7426-2: poppler vulnerabilities

fish-3.7.1-2.el9

USN-7429-2: Linux kernel (FIPS) vulnerabilities

USN-7429-1: Linux kernel vulnerabilities

USN-7428-2: Linux kernel (FIPS) vulnerabilities

USN-7428-1: Linux kernel vulnerabilities