drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Django
Name: |
Zwei Probleme in Django |
|
ID: |
USN-4043-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, Ubuntu 19.04 |
|
Datum: |
Mo, 1. Juli 2019, 19:20 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308 |
|
Applikationen: |
Django |
|
Originalnachricht |
--===============6356861116733955784== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jI8keyz6grp/JLjh" Content-Disposition: inline
--jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4043-1 July 01, 2019
python-django vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Django.
Software Description: - python-django: High-level Python web development framework
Details:
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308)
Gavin Wahl discovered that Django incorrectly handled certain requests. An attacker could possibly use this issue to bypass credentials and access administrator interface. (CVE-2019-12781)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: python-django 1:1.11.20-1ubuntu0.1 python3-django 1:1.11.20-1ubuntu0.1
Ubuntu 18.10: python-django 1:1.11.15-1ubuntu1.3 python3-django 1:1.11.15-1ubuntu1.3
Ubuntu 18.04 LTS: python-django 1:1.11.11-1ubuntu1.4 python3-django 1:1.11.11-1ubuntu1.4
Ubuntu 16.04 LTS: python-django 1.8.7-1ubuntu5.9 python3-django 1.8.7-1ubuntu5.9
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4043-1 CVE-2019-12308, CVE-2019-12781
Package Information: https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.1 https://launchpad.net/ubuntu/+source/python-django/1:1.11.15-1ubuntu1.3 https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.4 https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.9
--jI8keyz6grp/JLjh Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJdGj5iAAoJEEW851uECx9pcrwP/icGdixEPx2uLX5cLO6XioNT yCrxNvxomXh5onc0lx5l/X2g8iAvbNmB/sV8TsoCNnQYnqnrvVr2w97wbG+ENc0k dEbfqqyRSgkZ6OLe2RGLWjPsHyMKxmAr2lcBcHIkbe0K5sdzExpbk3ZyHddRPIxx +06o9TuyvkgaRsxDtLjIj8V29800vIEmZWLV+arZYALKKPNG9ACJGk9lGD5Zpbri Yp0kIoZYmF9JvdeDSBJX65QlvQ97lN02XLJcAt5VbYDmGkMpEiC7bhy7YFnWF6L7 dpmP5Ia9UEFHtnX7dkbMPotuMj0Oh/xGClUor3+7fMBdM7igPnwsx9twls9mXR4P RLCcQfTg6BQ9hzjzgIHxuWQ/isAAIWrM7MbTXMc1PY9UKQNROkfbLqR14W1XQog2 vCR3Hx3gzLCQXw9M7Bi8O3o6iehsVIqKtFDgz3Sw1tKEoCs1x3Zwj/w249WEdyV7 3MpdcSbUOdHVLn+x5flzp5T95eq8UOeqhKn1pWEggkoiEdxGUdKzpZVlPEqP7upT TPACXtsjBQq8DVoz7I/dofroBXORQuJOVIZ/a2Xk+ACrC83pXUTObTb5t+9A3KGw 0GYuK0HeAVnDv55/v5Fuf0SL6xRaRXO5l3BmEY3ewucQkShDqXVe3M3QU+b2fgPD O5SqpH2fqgksyPkh6DNe =bWl/ -----END PGP SIGNATURE-----
--jI8keyz6grp/JLjh--
--===============6356861116733955784== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|