
Security vulnerabilities in the python-django software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4084-1
August 01, 2019

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled the Truncator function. A
remote attacker could possibly use this issue to cause Django to consume
resources, leading to a denial of service. (CVE-2019-14232)

It was discovered that Django incorrectly handled the strip_tags function.
A remote attacker could possibly use this issue to cause Django to consume
resources, leading to a denial of service. (CVE-2019-14233)

It was discovered that Django incorrectly handled certain lookups in the
PostgreSQL support. A remote attacker could possibly use this issue to
perform SQL injection attacks. (CVE-2019-14234)

It was discovered that Django incorrectly handled certain invalid UTF-8
octet sequences. A remote attacker could possibly use this issue to cause
Django to consume resources, leading to a denial of service.
(CVE-2019-14235)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
python-django 1:1.11.20-1ubuntu0.2
python3-django 1:1.11.20-1ubuntu0.2

Ubuntu 18.04 LTS:
python-django 1:1.11.11-1ubuntu1.5
python3-django 1:1.11.11-1ubuntu1.5

Ubuntu 16.04 LTS:
python-django 1.8.7-1ubuntu5.10
python3-django 1.8.7-1ubuntu5.10

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4084-1
CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.5
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.10


Author: Zvonimir Bosnjak
Cert ID: NCERT-REF-2019-08-0001-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe