Login
Newsletter
Werbung

Sicherheit: Überschreiben von Dateien in Django (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Überschreiben von Dateien in Django (Aktualisierung)
ID: USN-4715-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Mo, 1. Februar 2021, 18:14
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281
Applikationen: Django
Update von: Überschreiben von Dateien in Django

Originalnachricht


--===============1472049670005538607==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="zhXaljGHf11kAtnf"
Content-Disposition: inline


--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4715-2
February 01, 2021

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Django could be made to overwrite files.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-4715-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Wang Baohua discovered that Django incorrectly extracted archive files. A
remote attacker could possibly use this issue to extract files outside of
their expected location.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
python-django 1.6.11-0ubuntu1.3+esm2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4715-2
https://usn.ubuntu.com/4715-1
CVE-2021-3281

--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmAYKiwACgkQRbznW4QL
H2kECQ//UeVIZZ0H7/5OZrQPCcjkNh1DsrpQVjNouYCHYbmSLSuXyuJ8ncE+Iw6k
JuW8uCP5npkOg6JE35/RDqfb5omN0Vek8Y2s/HVEhEbryYoKw1+UcsghFdyTN1jp
1qnpBLStwhrdKlqgkRK0IQX9azx/p/cwP34DdmmykPDCLbplW5XEt/8TnjXUuzl0
Wld1nIRqqfks+mRj1bDeTarI/LPiRnAoo2OT3XNqO3hYES7Tn2qbV+Kj56W8BfNH
7CoS0GDscPaajSAy99oX7kETOWX/gF9o49U0jqF4zcEAxyA9GL5WPEwp2jp2J7Gi
mrW4ZzO9Ujfd2uNj0Q/rDE4G3MGgcUlMGBuQcjGxy2IkVrkvjGUw9fObJKKUhJSd
xIqm429+C6aAjeazsMR4d7J8tgv1+IdxTh81uk6VkNjaIFMKtQfMkna8noJBYUWG
QuEvljxptTk3A5bTBhO9/g9rY9x6v3tiKDqqSIs78VldCpkXeb+DJ9VZeXne1JRK
/OFLaPgQ4V1dKRR/9IR9O9wc2NURaJw6u9G4InvoYc8vgBSdkHAOgMmTB94KuD+G
FoTdM6PUj3Jafytds5qV4L3kLIyYr5C67rH9T4X4/igbqejs5ptCkyuqaZ3Vp5Y6
TH13lzvDx5lpCZrZtkPBKKicJrZHOUcivtNZaBVEMM1EbjkCou0=
=eymK
-----END PGP SIGNATURE-----

--zhXaljGHf11kAtnf--


--===============1472049670005538607==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung