drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in Django (Aktualisierung)
Name: |
Überschreiben von Dateien in Django (Aktualisierung) |
|
ID: |
USN-4932-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM |
|
Datum: |
Do, 13. Mai 2021, 23:54 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542 |
|
Applikationen: |
Django |
|
Update von: |
Überschreiben von Dateien in Django |
|
Originalnachricht |
--===============6435450606538472209== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="z6Eq5LdranGa6ru8" Content-Disposition: inline
--z6Eq5LdranGa6ru8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4932-2 May 13, 2021
python-django vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM - Ubuntu 14.04 ESM
Summary:
Django could be made to overwrite files.
Software Description: - python-django: High-level Python web development framework
Details:
USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: python-django 1.8.7-1ubuntu5.15+esm1 python3-django 1.8.7-1ubuntu5.15+esm1
Ubuntu 14.04 ESM: python-django 1.6.11-0ubuntu1.3+esm3
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-4932-2 https://ubuntu.com/security/notices/USN-4932-1 CVE-2021-31542
--z6Eq5LdranGa6ru8 Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmCdInYACgkQRbznW4QL H2mKCA/9ECxWl2CYT2aKRjRCN0ze0icSAFzA9oJifjdBnSUimhvkBqLLha64XOCu qwonq/pOR9qfORKSbCr5VfnWOFeTgPYKa3nL8p1iD9kQSrUwQW4ydIvNImlD+5XR iE6bT2UV6C6zdnBOQj1ZDYAqm4wkVi2GPBG3/3dLO6FqIgBaJPR9Ss13yqEB1Orp iu5/3KmSiUUiq+I5nWyt85yrlQSW5oHbyvJ17OnpsKi7lRYLiXVUn8MlSE592hIa VaMNvp22YJl+jMHYdIELM0Zzddm4KfSGvW15TM62/owegYrG5PCRk34YNJpYJje6 jpxJXOnSTl3Guzu29rkuKUNb1QXEh473MVwJ+7BKwjThMfjUywl78DLc6Ig/NKWN ig9DrIC+rLVIwNTgjDihbThwi6nMZNCCLRcpz9MqC7ehIInPPhnv4eFti4Yd+fg2 3hmwGTJrxI1AODWUEWhdJ4zDrcvyOUlAuf6qxl8KP2p6Evnm4ri/DOnU08xQ3O/L vpKIXmbAI8+YZjf1FVY9Hffb8CynXqBOcU654yZho17TP1O3dWwki4JXBzoGSVRj +eWbev65Zfh8kQ+yBjG0dSnYRilryzY1bru6Bjj4Y7lwU9ExHUXGmQy6fSKw8lnA nl3QAbM/v4K+FId0xmW8/zm/wDdqz1JLHGCCCSQDLV0tEAqSnXE= =RtB3 -----END PGP SIGNATURE-----
--z6Eq5LdranGa6ru8--
--===============6435450606538472209== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|