drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in Django (Aktualisierung)
| Name: |
Überschreiben von Dateien in Django (Aktualisierung) |
|
| ID: |
USN-4932-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM |
|
| Datum: |
Do, 13. Mai 2021, 23:54 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542 |
|
| Applikationen: |
Django |
|
| Update von: |
Überschreiben von Dateien in Django |
|
Originalnachricht |
--===============6435450606538472209==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="z6Eq5LdranGa6ru8"
Content-Disposition: inline
--z6Eq5LdranGa6ru8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4932-2
May 13, 2021
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Django could be made to overwrite files.
Software Description:
- python-django: High-level Python web development framework
Details:
USN-4932-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Django incorrectly handled certain
filenames. A remote attacker could possibly use this issue to create or
overwrite files in unexpected directories.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
python-django 1.8.7-1ubuntu5.15+esm1
python3-django 1.8.7-1ubuntu5.15+esm1
Ubuntu 14.04 ESM:
python-django 1.6.11-0ubuntu1.3+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-4932-2
https://ubuntu.com/security/notices/USN-4932-1
CVE-2021-31542
--z6Eq5LdranGa6ru8
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmCdInYACgkQRbznW4QL
H2mKCA/9ECxWl2CYT2aKRjRCN0ze0icSAFzA9oJifjdBnSUimhvkBqLLha64XOCu
qwonq/pOR9qfORKSbCr5VfnWOFeTgPYKa3nL8p1iD9kQSrUwQW4ydIvNImlD+5XR
iE6bT2UV6C6zdnBOQj1ZDYAqm4wkVi2GPBG3/3dLO6FqIgBaJPR9Ss13yqEB1Orp
iu5/3KmSiUUiq+I5nWyt85yrlQSW5oHbyvJ17OnpsKi7lRYLiXVUn8MlSE592hIa
VaMNvp22YJl+jMHYdIELM0Zzddm4KfSGvW15TM62/owegYrG5PCRk34YNJpYJje6
jpxJXOnSTl3Guzu29rkuKUNb1QXEh473MVwJ+7BKwjThMfjUywl78DLc6Ig/NKWN
ig9DrIC+rLVIwNTgjDihbThwi6nMZNCCLRcpz9MqC7ehIInPPhnv4eFti4Yd+fg2
3hmwGTJrxI1AODWUEWhdJ4zDrcvyOUlAuf6qxl8KP2p6Evnm4ri/DOnU08xQ3O/L
vpKIXmbAI8+YZjf1FVY9Hffb8CynXqBOcU654yZho17TP1O3dWwki4JXBzoGSVRj
+eWbev65Zfh8kQ+yBjG0dSnYRilryzY1bru6Bjj4Y7lwU9ExHUXGmQy6fSKw8lnA
nl3QAbM/v4K+FId0xmW8/zm/wDdqz1JLHGCCCSQDLV0tEAqSnXE=
=RtB3
-----END PGP SIGNATURE-----
--z6Eq5LdranGa6ru8--
--===============6435450606538472209==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
