Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Ubuntu: 4084-1 Critical Advisory: python-django Denial of Service

ubuntu
Calendar Grey August 1, 2019
Dist Ubuntu Esm H88
Uncover vital Django vulnerabilities impacting Ubuntu variants and remediation strategies within this advisory report.
Several security issues were fixed in Django.

Summary

Several security issues were fixed in Django.

Software Description:

- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled the Truncator function. A

remote attacker could possibly use this issue to cause Django to consume

resources, leading to a denial of service. (CVE-2019-14232)

It was discovered that Django incorrectly handled the strip_tags function.

A remote attacker could possibly use this issue to cause Django to consume

resources, leading to a denial of service. (CVE-2019-14233)

It was discovered that Django incorrectly handled certain lookups in the

PostgreSQL support. A remote attacker could possibly use this issue to

perform SQL injection attacks. (CVE-2019-14234)

It was discovered that Django incorrectly handled certain invalid UTF-8

octet sequences. A remote attacker could possibly use this issue to cause

Django to consume resources, leading to a denial of service.

(CVE-2019-1...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  python-django                   1:1.11.20-1ubuntu0.2
  python3-django                  1:1.11.20-1ubuntu0.2

Ubuntu 18.04 LTS:
  python-django                   1:1.11.11-1ubuntu1.5
  python3-django                  1:1.11.11-1ubuntu1.5

Ubuntu 16.04 LTS:
  python-django                   1.8.7-1ubuntu5.10
  python3-django                  1.8.7-1ubuntu5.10

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4084-1

CVE-2019-14232, CVE-2019-14233, CVE-2019-14234, CVE-2019-14235

Severity
critical
Lowest
Low
Medium
High
Critical

August 01, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.