Security: Insufficient input validation in Django (update)
Name: Insufficient input validation in Django (update)
ID: USN-7555-2
Distribution: Ubuntu
Platforms: Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, Ubuntu 25.04
Date: Mon, 16 June 2025, 23:46
References: Not specified
Applications: Django
Update of: Insufficient input validation in Django

Original message



==========================================================================
Ubuntu Security Notice USN-7555-2
June 16, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Django could be made to perform log injection if it received
specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-7555-1 fixed vulnerabilities in Django. The fix was incomplete.
This update applies an additional patch to fix it properly.

Original advisory details:

It was discovered that Django incorrectly handled certain
unescaped request paths. An attacker could possibly use this
issue to perform a log injection.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
python3-django 3:4.2.18-1ubuntu1.3

Ubuntu 24.10
python3-django 3:4.2.15-1ubuntu1.6

Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.9

Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.20

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7555-2
https://ubuntu.com/security/notices/USN-7555-1
https://launchpad.net/bugs/2113924

Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.6
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.9
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.20
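
The log injection described under "Original advisory details", shown as an added example that is neither Django's patch nor part of the Ubuntu notice: a request path containing a newline produces a second, forged log line unless control characters are escaped before formatting. The names escape_control, EscapeArgsFilter and render, and the sample path, are assumptions made for this illustration.

```python
import io
import logging

# Constructed sample: a request path carrying a newline followed by text
# shaped like a second log entry.
SAMPLE_PATH = "/x\nWARNING forged entry"


def escape_control(value: str) -> str:
    """Render non-printable characters (CR, LF, ESC, ...) and backslashes
    as visible escapes so one value always stays on one log line."""
    return "".join(
        ch if ch.isprintable() and ch != "\\"
        else ch.encode("unicode_escape").decode("ascii")
        for ch in value
    )


class EscapeArgsFilter(logging.Filter):
    """Hypothetical filter: escapes every string argument of a log record."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, dict):
            record.args = {k: escape_control(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        elif isinstance(record.args, tuple):
            record.args = tuple(escape_control(a) if isinstance(a, str) else a
                                for a in record.args)
        return True


def render(path: str, hardened: bool) -> str:
    """Log one 'Not Found' warning for `path`; return the text written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if hardened:
        handler.addFilter(EscapeArgsFilter())
    logger = logging.Logger("demo.request")  # standalone, not the root logger
    logger.addHandler(handler)
    logger.warning("Not Found: %s", path)
    return stream.getvalue()


if __name__ == "__main__":
    print(render(SAMPLE_PATH, hardened=False), end="")  # two lines
    print(render(SAMPLE_PATH, hardened=True), end="")   # one line
```

Attach such a filter to handlers that write request-derived values; the package update above remains the fix for Django's own logging.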

