drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in Django (Aktualisierung)
Name: |
Denial of Service in Django (Aktualisierung) |
|
ID: |
USN-6674-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS (Available with Ubuntu Pro) |
|
Datum: |
Di, 5. März 2024, 06:51 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27351 |
|
Applikationen: |
Django |
|
Update von: |
Denial of Service in Django |
|
Originalnachricht |
--===============1761567984000766156== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Content-Disposition: inline
--envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-6674-2 March 04, 2024
python-django vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Django could be made to consume resources or crash if it received specially crafted network traffic.
Software Description: - python-django: High-level Python web development framework
Details:
USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro): python-django 1:1.11.11-1ubuntu1.21+esm4 python3-django 1:1.11.11-1ubuntu1.21+esm4
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6674-2 https://ubuntu.com/security/notices/USN-6674-1 CVE-2024-27351
--envbJBWh7q8WU6mo Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmXl/8IACgkQRbznW4QL H2nASg/8CDSWUa6XzJVC6oPNFlzeR6WVD+FAIYwMWuLbtR4sWNb+31An/WKcGsNz 5/Imbq1uy87ROLlZEEDu9JYVUbE9LRD22IRVe1idFKAvitmENm641B7YzzoNLK3j 0mm87WIhF79l5LVtTbqrTPTCreL40n0Dfuw/df+ScmgELmOyuVuitWkEX7PK4wkR FVisvlxcKa6h4ZDV6DEfLKAoarpJT36X7p7Q28rPxU+pvGBWvvDT9lpVKUE3JWUe Qg3jYyRkwgMGO3CV6lTRVSnUchX43ZzS/YiBwv6HXA8rjjPRRXDH8FK/t8nmIukw LnRUSah2abESoydVLchIu7bJNP0U84q4DovJnkzXiAIvEQt/a8OZ/VH/lNFIDn/r nPZz13oAOXx9flkZoFBYuBz+gM+PYQjHiBTrNbuyC4pDmyZZlCOr7OvDhOeG9vEV G7NLgA3rjKCHqObGaBKSkmtp4oB+lPSo9fv6WICy/493OZS54lTuU4W7W85RcHh2 iKrdTMORmMJFA3qDRg+CAZ7tMjsApCk8BZrmGlmOkQw5wSI/G+C0S8Dnb4A7crVx XVcHdxcyJHtKSWH9b7i+ZT3CClw6qV5hPo5FrS8UEvtrWirnwU4jn8bXkl8Df5jd qKrYOgT7ZVWdnzlAg3/1dUAee2DXOP5pm/cXCOhtiPeheHME94M= =Tpfb -----END PGP SIGNATURE-----
--envbJBWh7q8WU6mo--
--===============1761567984000766156== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
--===============1761567984000766156==--
|
|
|
|