Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Django (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Django (Aktualisierung)
ID: USN-4381-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Do, 4. Juni 2020, 19:07
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13596
Applikationen: Django
Update von: Zwei Probleme in Django

Originalnachricht


--===============1095558248206510900==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline


--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4381-2
June 04, 2020

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-4381-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Dan Palmer discovered that Django incorrectly validated memcached cache
keys. A remote attacker could possibly use this issue to cause a denial of
service and obtain sensitive information. (CVE-2020-13254)

Jon Dufresne discovered that Django incorrectly encoded query parameters
for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use
this issue to perform XSS attacks. (CVE-2020-13596)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
python-django 1.6.11-0ubuntu1.3+esm1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4381-2
https://usn.ubuntu.com/4381-1
CVE-2020-13254, CVE-2020-13596

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl7Y9/IACgkQRbznW4QL
H2mFXw/+NdE/tln7lpzajnKhpIIdydndkTAuH4lEorAVpkDgsLSL0c62yu6F19H+
Eo7AWW4xc0pkmlO1+dco4hyPV7/W+2J1pLLtL2iS3e3C8NXK4JDV3qLD1wvFwOPx
JNjpKAhYwbj3oPgC9bghS3UtzaG+qR2IE53VX7/95q2GAsz89310X769iW54TQHv
RHsWlfuZv2i3nobOO9GZQLCqmtrjKo02f6TpTvbuqlgisaH4Y2i1IVf/zNFCSGym
Hl0i+Qw4oQOac8AS60I50s2E888WFZD6R2ciCIWJzjODmRUMMBzPqooMd/yMXjBv
aZxUXjYR6nNtGWd5v/1YEqu/VLuNpP2AFlqcOErtZkIilrr9jOk0ctGFeET9Bfha
gZt/o3esjGSjsdn+1LoJL37TOxzv3GDOShPNMpGPoGyBzWp2RjKvu2doPJ5I+TMx
kHMfFcJGwBVYeig0GX45OUt2rJfWygaqhfvq3UVSNyfpMWV9ngfa023sGs5ITxvd
ZfoJ1UsNxKveP99ptF7+zlZOqmB8kF98Pod45WPmxY/rESS2xEscWgKdYA2F/UOB
ZGbwOpO1QIzdA5bNyJi8dgGFvPv1KbR1TA1Ubphw2JwL5fPKGFcEg49iZ5bs9RBf
kc0QbT8Xxp352VX45XNiWyWlsbuGoy403H0yTmeCCcq5Eel6eoY=
=PhjJ
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--


--===============1095558248206510900==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung