Discover Government News

=========================================================================Ubuntu Security Notice USN-2816-1
November 24, 2015

python-django vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Django could be made to expose sensitive information over the network.

Software Description:
- python-django: High-level Python web development framework

Details:

Ryan Butterfield discovered that Django incorrectly handled the date
template filter. A remote attacker could possibly use this issue to obtain
secrets from application settings.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  python-django                   1.7.9-1ubuntu5.1
  python3-django                  1.7.9-1ubuntu5.1

Ubuntu 15.04:
  python-django                   1.7.6-1ubuntu2.3
  python3-django                  1.7.6-1ubuntu2.3

Ubuntu 14.04 LTS:
  python-django                   1.6.1-2ubuntu0.11

Ubuntu 12.04 LTS:
  python-django                   1.3.1-4ubuntu1.19

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2816-1
  CVE-2015-8213

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/1.7.9-1ubuntu5.1
  https://launchpad.net/ubuntu/+source/python-django/1.7.6-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/python-django/1.6.1-2ubuntu0.11
  https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.19


Ubuntu 2816-1: Django vulnerability

November 24, 2015
Django could be made to expose sensitive information over the network.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: python-django 1.7.9-1ubuntu5.1 python3-django 1.7.9-1ubuntu5.1 Ubuntu 15.04: python-django 1.7.6-1ubuntu2.3 python3-django 1.7.6-1ubuntu2.3 Ubuntu 14.04 LTS: python-django 1.6.1-2ubuntu0.11 Ubuntu 12.04 LTS: python-django 1.3.1-4ubuntu1.19 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2816-1

CVE-2015-8213

Severity
November 24, 2015

Package Information

https://launchpad.net/ubuntu/+source/python-django/1.7.9-1ubuntu5.1 https://launchpad.net/ubuntu/+source/python-django/1.7.6-1ubuntu2.3 https://launchpad.net/ubuntu/+source/python-django/1.6.1-2ubuntu0.11 https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.19

Related News