Ubuntu 4932-2: Django vulnerability | LinuxSecurity.com


==========================================================================
Ubuntu Security Notice USN-4932-2
May 13, 2021

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Django could be made to overwrite files.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-4932-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

 It was discovered that Django incorrectly handled certain
 filenames. A remote attacker could possibly use this issue to create or
 overwrite files in unexpected directories.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  python-django                   1.8.7-1ubuntu5.15+esm1
  python3-django                  1.8.7-1ubuntu5.15+esm1

Ubuntu 14.04 ESM:
  python-django                   1.6.11-0ubuntu1.3+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4932-2
  https://ubuntu.com/security/notices/USN-4932-1
  CVE-2021-31542
