You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python-django

Sigurnosni nedostaci programskog paketa python-django

==========================================================================
Ubuntu Security Notice USN-4043-1
July 01, 2019

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:
– python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04.
(CVE-2019-12308)

Gavin Wahl discovered that Django incorrectly handled certain requests.
An attacker could possibly use this issue to bypass credentials and
access administrator interface. (CVE-2019-12781)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
python-django 1:1.11.20-1ubuntu0.1
python3-django 1:1.11.20-1ubuntu0.1

Ubuntu 18.10:
python-django 1:1.11.15-1ubuntu1.3
python3-django 1:1.11.15-1ubuntu1.3

Ubuntu 18.04 LTS:
python-django 1:1.11.11-1ubuntu1.4
python3-django 1:1.11.11-1ubuntu1.4

Ubuntu 16.04 LTS:
python-django 1.8.7-1ubuntu5.9
python3-django 1.8.7-1ubuntu5.9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4043-1
CVE-2019-12308, CVE-2019-12781

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-django/1:1.11.15-1ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.9
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBAgAGBQJdGj5iAAoJEEW851uECx9pcrwP/icGdixEPx2uLX5cLO6XioNT
yCrxNvxomXh5onc0lx5l/X2g8iAvbNmB/sV8TsoCNnQYnqnrvVr2w97wbG+ENc0k
dEbfqqyRSgkZ6OLe2RGLWjPsHyMKxmAr2lcBcHIkbe0K5sdzExpbk3ZyHddRPIxx
+06o9TuyvkgaRsxDtLjIj8V29800vIEmZWLV+arZYALKKPNG9ACJGk9lGD5Zpbri
Yp0kIoZYmF9JvdeDSBJX65QlvQ97lN02XLJcAt5VbYDmGkMpEiC7bhy7YFnWF6L7
dpmP5Ia9UEFHtnX7dkbMPotuMj0Oh/xGClUor3+7fMBdM7igPnwsx9twls9mXR4P
RLCcQfTg6BQ9hzjzgIHxuWQ/isAAIWrM7MbTXMc1PY9UKQNROkfbLqR14W1XQog2
vCR3Hx3gzLCQXw9M7Bi8O3o6iehsVIqKtFDgz3Sw1tKEoCs1x3Zwj/w249WEdyV7
3MpdcSbUOdHVLn+x5flzp5T95eq8UOeqhKn1pWEggkoiEdxGUdKzpZVlPEqP7upT
TPACXtsjBQq8DVoz7I/dofroBXORQuJOVIZ/a2Xk+ACrC83pXUTObTb5t+9A3KGw
0GYuK0HeAVnDv55/v5Fuf0SL6xRaRXO5l3BmEY3ewucQkShDqXVe3M3QU+b2fgPD
O5SqpH2fqgksyPkh6DNe
=bWl/
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libheimdal

Otkriveni su sigurnosni nedostaci programske biblioteke libheimdal za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju otkrivanje osjetljivih informacija, zaobilaženje...

Close