USN-7115-1

Source
https://ubuntu.com/security/notices/USN-7115-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7115-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7115-1
Published
2024-11-19T17:19:55.838614Z
Modified
2024-11-19T17:19:55.838614Z
Summary
Waitress vulnerabilities
Details

It was discovered that Waitress could process follow-up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-49768)

Dylan Jay discovered that Waitress could be led to write to a nonexistent socket after closing the remote connection. An attacker could use this issue to increase resource utilization, leading to a denial of service. (CVE-2024-49769)

Affected packages

Ubuntu:20.04:LTS / waitress

Package

Name
waitress
Purl
pkg:deb/ubuntu/waitress?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.1-1ubuntu0.2

Affected versions

1.*

1.2.0~b2-2
1.3.1-4
1.4.1-1
1.4.1-1ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.4.1-1ubuntu0.2",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "1.4.1-1ubuntu0.2",
            "binary_name": "python3-waitress"
        }
    ]
}

Ubuntu:22.04:LTS / waitress

Package

Name
waitress
Purl
pkg:deb/ubuntu/waitress?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.4-1.1ubuntu1.1

Affected versions

1.*

1.4.4-1.1
1.4.4-1.1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.4.4-1.1ubuntu1.1",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "1.4.4-1.1ubuntu1.1",
            "binary_name": "python3-waitress"
        }
    ]
}

Ubuntu:24.10 / waitress

Package

Name
waitress
Purl
pkg:deb/ubuntu/waitress?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.0-1ubuntu0.1

Affected versions

2.*

2.1.2-2

3.*

3.0.0-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.0.0-1ubuntu0.1",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "3.0.0-1ubuntu0.1",
            "binary_name": "python3-waitress"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / waitress

Package

Name
waitress
Purl
pkg:deb/ubuntu/waitress?arch=src?distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.2-2ubuntu0.1~esm1

Affected versions

2.*

2.1.2-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.1.2-2ubuntu0.1~esm1",
            "binary_name": "python-waitress-doc"
        },
        {
            "binary_version": "2.1.2-2ubuntu0.1~esm1",
            "binary_name": "python3-waitress"
        }
    ]
}