USN-7115-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7115-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7115-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-7115-1

Related

Published

2024-11-19T17:19:55.838614Z

Modified

2024-11-19T17:19:55.838614Z

Summary

Waitress vulnerabilities

Details

It was discovered that Waitress could process follow up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-49768)

Dylan Jay discovered that Waitress could be lead to write to an unexisting socket after closing the remote connection. An attacker could use this issue to increase resource utilization leading to a denial of service. (CVE-2024-49769)

References

Affected packages

Ubuntu:20.04:LTS / waitress

Package

Name: waitress
Purl: pkg:deb/ubuntu/waitress?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-1ubuntu0.2

Affected versions

1.*

1.2.0~b2-2

1.3.1-4

1.4.1-1

1.4.1-1ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.4.1-1ubuntu0.2",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "1.4.1-1ubuntu0.2",
            "binary_name": "python3-waitress"
        }
    ]
}

Ubuntu:22.04:LTS / waitress

Package

Name: waitress
Purl: pkg:deb/ubuntu/waitress?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.4-1.1ubuntu1.1

Affected versions

1.*

1.4.4-1.1

1.4.4-1.1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.4.4-1.1ubuntu1.1",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "1.4.4-1.1ubuntu1.1",
            "binary_name": "python3-waitress"
        }
    ]
}

Ubuntu:24.10 / waitress

Package

Name: waitress
Purl: pkg:deb/ubuntu/waitress?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.0-1ubuntu0.1

Affected versions

2.*

2.1.2-2

3.*

3.0.0-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.0.0-1ubuntu0.1",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "3.0.0-1ubuntu0.1",
            "binary_name": "python3-waitress"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / waitress

Package

Name: waitress
Purl: pkg:deb/ubuntu/waitress?arch=src?distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.2-2ubuntu0.1~esm1

Affected versions

2.*

2.1.2-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.1.2-2ubuntu0.1~esm1",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "2.1.2-2ubuntu0.1~esm1",
            "binary_name": "python3-waitress"
        }
    ]
}