- ------------------------------------------------------------------------- Debian LTS Advisory DLA-2651-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 06, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : python-django Version : 1:1.10.7-2+deb9u13 CVE ID : CVE-2021-31542 Debian Bug : #988053 It was discovered that there was potential directory-traversal vulnerability in Django, a popular Python-based web development framework. The MultiPartParser, UploadedFile and FieldFile classes allowed directory-traversal via uploaded files with suitably crafted file names. In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments are rejected. For Debian 9 "Stretch", this problem has been fixed in version 1:1.10.7-2+deb9u13. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS: DLA-2651-1: python-django security update
May 6, 2021
It was discovered that there was potential directory-traversal vulnerability in Django, a popular Python-based web development framework
Summary
It was discovered that there was potential directory-traversal vulnerability in Django, a popular Python-based web development framework. The MultiPartParser, UploadedFile and FieldFile classes allowed directory-traversal via uploaded files with suitably crafted file names. In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments are rejected. For Debian 9 "Stretch", this problem has been fixed in version 1:1.10.7-2+deb9u13. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS Advisory DLA-2651-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 06, 2021 https://wiki.debian.org/LTS Version : 1:1.10.7-2+deb9u13
Severity
Package : python-django
CVE ID : CVE-2021-31542
Debian Bug : #988053
News
HOWTOs
Features
Time is running out for CentOS 8
Open-Source Tool of the Month: Uptycs Addresses Modern Cloud-Native & Containerization Security Challenges with its Uptycs Security Analytics Platform
Best File and Disk Encryption Tools For Linux
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
What You Need to Know About Linux Rootkits
About Us
Powered By
