Security: Two problems in Django

Name: Two problems in Django
ID: USN-2671-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10, Ubuntu 15.04
Date: Thu, 9 July 2015, 14:52
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5144
Applications: Django

Original message
==========================================================================
Ubuntu Security Notice USN-2671-1
July 09, 2015

python-django vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Django.
Software Description:
- python-django: High-level Python web development framework
Details:
Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5143)
Sjoerd Job Postmus discovered that Django incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header injection attacks. (CVE-2015-5144)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04:
  python-django 1.7.6-1ubuntu2.1
  python3-django 1.7.6-1ubuntu2.1
Ubuntu 14.10:
  python-django 1.6.6-1ubuntu2.3
  python3-django 1.6.6-1ubuntu2.3
Ubuntu 14.04 LTS:
  python-django 1.6.1-2ubuntu0.9
Ubuntu 12.04 LTS:
  python-django 1.3.1-4ubuntu1.17
In general, a standard system update will make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-2671-1
  CVE-2015-5143, CVE-2015-5144
Package Information:
  https://launchpad.net/ubuntu/+source/python-django/1.7.6-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/python-django/1.6.6-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/python-django/1.6.1-2ubuntu0.9
  https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.17
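The newline handling issue noted under CVE-2015-5144, shown as an added Python example that is not part of the advisory and is not Django's own code. It assumes the cause given in the upstream Django release notes (validator regular expressions ending in `$` rather than `\Z`); the function names and sample values are hypothetical and constructed for illustration.

```python
import re

# Hypothetical validators modelled on the pattern class behind CVE-2015-5144.
# In Python, "$" also matches just before a single trailing "\n";
# "\Z" matches only at the true end of the string.
WEAK_SLUG = re.compile(r"^[-a-zA-Z0-9_]+$")
STRICT_SLUG = re.compile(r"^[-a-zA-Z0-9_]+\Z")


def weak_is_valid(value):
    """Pre-fix style check: accepts a value that ends in a newline."""
    return WEAK_SLUG.match(value) is not None


def strict_is_valid(value):
    """Hardened check: the whole string, trailing newline included, must match."""
    return STRICT_SLUG.match(value) is not None


def header_line(name, value):
    """Build one header line, refusing CR/LF as defence in depth."""
    if "\r" in value or "\n" in value:
        raise ValueError("newline in header value for %s" % name)
    return "%s: %s" % (name, value)


def audit(values):
    """Return the values the weak check accepts but the strict one rejects."""
    return [v for v in values if weak_is_valid(v) and not strict_is_valid(v)]


# Constructed sample inputs (not taken from the advisory).
SAMPLES = ["report-2015", "report-2015\n", "report\n2015", "bad value"]

if __name__ == "__main__":
    for v in audit(SAMPLES):
        print("accepted only by the weak pattern:", repr(v))
    print(header_line("X-Report-Id", "report-2015"))
```

Running `audit` over values already stored by an application shows which ones passed validation only because of the trailing-newline behaviour and should be re-validated after the update.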