-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 17.0 (python-flask) security update Advisory ID: RHSA-2023:3440-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:3440 Issue date: 2023-06-05 CVE Names: CVE-2023-30861 ===================================================================== 1. Summary: An update for python-flask is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 17.0 - noarch 3. Description: Flask is called a “micro-framework” because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more. Security Fix(es): * Possible disclosure of permanent session cookie due to missing Vary: Cookie header (CVE-2023-30861) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header 6. Package List: Red Hat OpenStack Platform 17.0: Source: python-flask-1.1.2-6.el9ost.src.rpm noarch: python3-flask-1.1.2-6.el9ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-30861 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZH538dzjgjWX9erEAQhxqg/8DysCxcTh0YuNH19oiiaAi/7+77JHXXou FPeUpkKfeif2eWiAm4wJHKMLEOSQnFsgfEJcAk0bopl8OiANMV6d7e7/IH3mV5Eo ENEpzSa73CcB0ZGhk7DWa7mFh22nevh4a5a8wKU+PPEF4eHnIJzzl9K2hBvAwpZ/ D2oM3Z0UrtGJPw+2xbqSgJfaIubKhm4PZSgLnL92k6XmuPrVxTyDPrvrtfXjXgaU e9fjoMTO/Z0lotdFSZUyBJSNOKwoI3CTo/XZAfzv9FRyLVtiyP1CpUnvuHZqQKzs dqRjDBNtt0YU8d6koT/WhXHePf4HUndpScoypjoBFtTr0VAZIN3meGjjsv7f0x3b bc8Li7ARUmGS91canC0q+AX1POyJUnLj4clv3gDPFk/qlY9xg6kgt8r4Yl9hSI7O fDVS/f/L+4fZ+0QK+V4lDxzf7b9pFLbofTIDm3SvuNvIYjgb2I49CVCkpJqCNdzL HPywLWSsBRGcFeklDPlgOmTJ9y/U9y+e9/4GgZr42Y8MG+bUhq/eOoXa4zmmSh0N t9Kuy4bNMFcqHJvyGWTNS87uXE+jRhsg6W3iFwwrEQrc2IrQ10+/PKewWkqZgCTd ZtYgaIBaqlLVfrJEjkjKsIUhQGCAOEmqUnMsz5eY3Dja6NoPQziekHmwcJDZIDTi o0D9zApP3T8= =OFiY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce