Django could be made to expose spoofed information over the network.
Software Description:
- python-django: High-level Python web development framework
Details:
It was discovered that Django incorrectly handled the default 404 page. A
remote attacker could use this issue to spoof content using a malicious
URL.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: python-django 1:1.11.15-1ubuntu1.1 python3-django 1:1.11.15-1ubuntu1.1 Ubuntu 18.04 LTS: python-django 1:1.11.11-1ubuntu1.2 python3-django 1:1.11.11-1ubuntu1.2 Ubuntu 16.04 LTS: python-django 1.8.7-1ubuntu5.7 python3-django 1.8.7-1ubuntu5.7 Ubuntu 14.04 LTS: python-django 1.6.11-0ubuntu1.3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-3851-1
CVE-2019-3498
Get the latest Linux and open source security news straight to your inbox.