ELA-659-1 mod-wsgi security update

Debian 10225 Published by

A mod-wsgi security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue where a request from an untrusted proxy does not remove the X-Client-IP header and thus allowing this header to be passed to the target WSGI application.



ELA-659-1 mod-wsgi security update

Package mod-wsgi
Version 4.5.11-1+deb9u1 (stretch)
Related CVEs CVE-2022-2255

An issue has been found in mod-wsgi, a Python WSGI adapter module for Apache. A request from an untrusted proxy does not remove the X-Client-IP header and thus allowing this header to be passed to the target WSGI application.

For Debian 9 stretch, these problems have been fixed in version 4.5.11-1+deb9u1.

We recommend that you upgrade your mod-wsgi packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/.

  ELA-659-1 mod-wsgi security update

openSUSE-SU-2022:10080-1: moderate: Security update for caddy

QSB-084: Split GPG: GnuPG file descriptor confusion and file existence leak

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...