You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python-django

Sigurnosni nedostaci programskog paketa python-django

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3591-1
March 06, 2018

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:
– python-django: High-level Python web development framework

Details:

James Davis discovered that Django incorrectly handled certain template
filters. A remote attacker could possibly use this issue to cause Django
to consume resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
python-django 1:1.11.4-1ubuntu1.2
python3-django 1:1.11.4-1ubuntu1.2

Ubuntu 16.04 LTS:
python-django 1.8.7-1ubuntu5.6
python3-django 1.8.7-1ubuntu5.6

Ubuntu 14.04 LTS:
python-django 1.6.11-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3591-1
CVE-2018-7536, CVE-2018-7537

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.4-1ubuntu1.2
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.6
https://launchpad.net/ubuntu/+source/python-django/1.6.11-0ubuntu1.2

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJansZFAAoJEGVp2FWnRL6T2xIP/R610L9rjhzmY2XT555uGrvz
vGMRbMKGlXXOrVq66KSnCVvxwqvlKWdygxzDo1iCmUdZvY+jhTaDkBmof4cOmDwA
d5QntU5RJ1viywru5M33IQqn/RTO8IW/P5KLQxzVEru8rASdSuPnVPOx9POeuvzm
s3yDDDq+mX0ZnmylN/dqVcm6jM+/y563m0t3ehUX21z4zhLmXHcNm5IUITsFYWh9
866RprY7MLmDtAUG5MvuWH1alWjl71L88qoh/8Bhv2ZhzIiQQvJwbIYqsZhbZ6AM
5wV5QIAWm+ml6oEpIrt+VFD5xPLVYt/4Z+98QsxFnlMTvxUEzUKUVvb/ER/iG1Hk
/rh1iiHpmF4opVe9ZpCgQtA8jJGlteiRWjjc/LETRECInM6mDo0R7Kdn1rD2gaqQ
J270HftW7J5+2hAMdBYo0NvHfDnQdpOpQD+ZR/vzDdFp2RMMyjR6mveHa3H9LDwb
UsQkFv3WtabRaKK+yGSJ1vihchxMoB+P5+h87cZQT1d6cltr7tn+U4uaFfsjhf9e
xBeIxVDFoy2EofsphkGydod+0b+/JZROWMpNBIq0c/YgxQo7n/xPkzParKQdIq2j
pjCgAVeYVliEW/xr8uGyC2rooRMeySwIMg6rAiCJ3OZIoEW+mwQ4pAycPDx8QWux
3kXZYLC/cFmeKIPO2hBx
=o+he
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa irssi

Otkriveni su sigurnosni nedostaci u programskom paketu irssi za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja,...

Close