drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Django
Name: |
Zwei Probleme in Django |
|
ID: |
USN-3591-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.10 |
|
Datum: |
Di, 6. März 2018, 18:38 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537 |
|
Applikationen: |
Django |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1684698296094528065== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="axGmYmP3my39J0TlM2ye5aDkXgFjDsOsn"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --axGmYmP3my39J0TlM2ye5aDkXgFjDsOsn Content-Type: multipart/mixed; boundary="V8fcDAuKISBw5mhHJy06qQXmiPLNari0S"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <7246e1d4-9cca-ddc6-bd3f-960a3a65d743@canonical.com> Subject: [USN-3591-1] Django vulnerabilities
--V8fcDAuKISBw5mhHJy06qQXmiPLNari0S Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3591-1 March 06, 2018
python-django vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Django.
Software Description: - python-django: High-level Python web development framework
Details:
James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: python-django 1:1.11.4-1ubuntu1.2 python3-django 1:1.11.4-1ubuntu1.2
Ubuntu 16.04 LTS: python-django 1.8.7-1ubuntu5.6 python3-django 1.8.7-1ubuntu5.6
Ubuntu 14.04 LTS: python-django 1.6.11-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3591-1 CVE-2018-7536, CVE-2018-7537
Package Information: https://launchpad.net/ubuntu/+source/python-django/1:1.11.4-1ubuntu1.2 https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.6 https://launchpad.net/ubuntu/+source/python-django/1.6.11-0ubuntu1.2
--V8fcDAuKISBw5mhHJy06qQXmiPLNari0S--
--axGmYmP3my39J0TlM2ye5aDkXgFjDsOsn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJansZFAAoJEGVp2FWnRL6T2xIP/R610L9rjhzmY2XT555uGrvz vGMRbMKGlXXOrVq66KSnCVvxwqvlKWdygxzDo1iCmUdZvY+jhTaDkBmof4cOmDwA d5QntU5RJ1viywru5M33IQqn/RTO8IW/P5KLQxzVEru8rASdSuPnVPOx9POeuvzm s3yDDDq+mX0ZnmylN/dqVcm6jM+/y563m0t3ehUX21z4zhLmXHcNm5IUITsFYWh9 866RprY7MLmDtAUG5MvuWH1alWjl71L88qoh/8Bhv2ZhzIiQQvJwbIYqsZhbZ6AM 5wV5QIAWm+ml6oEpIrt+VFD5xPLVYt/4Z+98QsxFnlMTvxUEzUKUVvb/ER/iG1Hk /rh1iiHpmF4opVe9ZpCgQtA8jJGlteiRWjjc/LETRECInM6mDo0R7Kdn1rD2gaqQ J270HftW7J5+2hAMdBYo0NvHfDnQdpOpQD+ZR/vzDdFp2RMMyjR6mveHa3H9LDwb UsQkFv3WtabRaKK+yGSJ1vihchxMoB+P5+h87cZQT1d6cltr7tn+U4uaFfsjhf9e xBeIxVDFoy2EofsphkGydod+0b+/JZROWMpNBIq0c/YgxQo7n/xPkzParKQdIq2j pjCgAVeYVliEW/xr8uGyC2rooRMeySwIMg6rAiCJ3OZIoEW+mwQ4pAycPDx8QWux 3kXZYLC/cFmeKIPO2hBx =o+he -----END PGP SIGNATURE-----
--axGmYmP3my39J0TlM2ye5aDkXgFjDsOsn--
--===============1684698296094528065== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============1684698296094528065==--
|
|
|
|