8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
0.001 Low
EPSS
Percentile
51.0%
Debian Security Advisory DSA-5426-1 [email protected]
https://www.debian.org/security/ Aron Xu
June 14, 2023 https://www.debian.org/security/faq
Package : owslib
CVE ID : CVE-2023-27476
Debian Bug : 1034182
An arbitrary file reads from malformed XML payload vulnerbility was
discovered in owslib, the Python client library for Open Geospatial (OGC)
web services. This issue has been addressed by always using lxml as the
XML parser with entity resolution disabled.
For the oldstable distribution (bullseye), this problem has been fixed
in version 0.23.0-1+deb11u1.
We recommend that you upgrade your owslib packages.
For the detailed security status of owslib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/owslib
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 10 | all | python3-owslib | < 0.17.1-1+deb10u1 | python3-owslib_0.17.1-1+deb10u1_all.deb |
Debian | 10 | all | owslib | < 0.17.1-1+deb10u1 | owslib_0.17.1-1+deb10u1_all.deb |
Debian | 11 | all | owslib-doc | < 0.23.0-1+deb11u1 | owslib-doc_0.23.0-1+deb11u1_all.deb |
Debian | 11 | all | python3-owslib | < 0.23.0-1+deb11u1 | python3-owslib_0.23.0-1+deb11u1_all.deb |
Debian | 10 | all | python-owslib | < 0.17.1-1+deb10u1 | python-owslib_0.17.1-1+deb10u1_all.deb |
Debian | 10 | all | owslib-doc | < 0.17.1-1+deb10u1 | owslib-doc_0.17.1-1+deb10u1_all.deb |
Debian | 11 | all | owslib | < 0.23.0-1+deb11u1 | owslib_0.23.0-1+deb11u1_all.deb |