drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in Django (Aktualisierung)
| Name: |
Überschreiben von Dateien in Django (Aktualisierung) |
|
| ID: |
USN-4715-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 14.04 ESM |
|
| Datum: |
Mo, 1. Februar 2021, 18:14 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281 |
|
| Applikationen: |
Django |
|
| Update von: |
Überschreiben von Dateien in Django |
|
Originalnachricht |
--===============1472049670005538607==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="zhXaljGHf11kAtnf"
Content-Disposition: inline
--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4715-2
February 01, 2021
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Django could be made to overwrite files.
Software Description:
- python-django: High-level Python web development framework
Details:
USN-4715-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Wang Baohua discovered that Django incorrectly extracted archive files. A
remote attacker could possibly use this issue to extract files outside of
their expected location.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
python-django 1.6.11-0ubuntu1.3+esm2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4715-2
https://usn.ubuntu.com/4715-1
CVE-2021-3281
--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmAYKiwACgkQRbznW4QL
H2kECQ//UeVIZZ0H7/5OZrQPCcjkNh1DsrpQVjNouYCHYbmSLSuXyuJ8ncE+Iw6k
JuW8uCP5npkOg6JE35/RDqfb5omN0Vek8Y2s/HVEhEbryYoKw1+UcsghFdyTN1jp
1qnpBLStwhrdKlqgkRK0IQX9azx/p/cwP34DdmmykPDCLbplW5XEt/8TnjXUuzl0
Wld1nIRqqfks+mRj1bDeTarI/LPiRnAoo2OT3XNqO3hYES7Tn2qbV+Kj56W8BfNH
7CoS0GDscPaajSAy99oX7kETOWX/gF9o49U0jqF4zcEAxyA9GL5WPEwp2jp2J7Gi
mrW4ZzO9Ujfd2uNj0Q/rDE4G3MGgcUlMGBuQcjGxy2IkVrkvjGUw9fObJKKUhJSd
xIqm429+C6aAjeazsMR4d7J8tgv1+IdxTh81uk6VkNjaIFMKtQfMkna8noJBYUWG
QuEvljxptTk3A5bTBhO9/g9rY9x6v3tiKDqqSIs78VldCpkXeb+DJ9VZeXne1JRK
/OFLaPgQ4V1dKRR/9IR9O9wc2NURaJw6u9G4InvoYc8vgBSdkHAOgMmTB94KuD+G
FoTdM6PUj3Jafytds5qV4L3kLIyYr5C67rH9T4X4/igbqejs5ptCkyuqaZ3Vp5Y6
TH13lzvDx5lpCZrZtkPBKKicJrZHOUcivtNZaBVEMM1EbjkCou0=
=eymK
-----END PGP SIGNATURE-----
--zhXaljGHf11kAtnf--
--===============1472049670005538607==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
