Summary:
Intel® Quartus® Prime Pro before version 18.0.1 ships with an open source component, bottle.py, which is disabled by default. If bottle.py is enabled the system is potentially vulnerable to CVE-2016-9964.
Description:
For details on the CVE-2016-9964 please see: <https://vulners.com/cve/CVE-2016-9964>
Affected products:
Intel® Quartus® Prime Pro before version 18.0.1.
Recommendations:
Intel recommends that users of Intel® Quartus® Prime Pro update to version 18.0.1.
Alternately you may remove bottle by:
• Ensure that Design Space Explorer II (DSEII) is not running
• Remove <install root directory>/acds/quartus/common/python/lib/site-packages/bottle.py and bottle-0.12.7-py3.3.egg-info
The next time DSEII runs bottle will no longer load.