SB2019091736 - OpenSUSE Linux update for python-Werkzeug
Published: September 17, 2019
Security Bulletin ID
SB2019091736
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient Entropy (CVE-ID: CVE-2019-14806)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Remediation
Install update from vendor's website.