Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 21.10: USN-5178-1 Critical: Django Sensitive Info Exposure

ubuntu
Calendar Grey December 7, 2021
Dist Ubuntu Esm H88
A Django vulnerability revealed confidential data in Ubuntu distributions. Ensure you update immediately to safeguard against potential threats.
Django could be made to expose sensitive information.

Summary

Django could be made to expose sensitive information.

Software Description:

- python-django: High-level Python web development framework

Details:

Sjoerd Job Postmus and TengMA discovered that Django incorrectly handled

URLs with trailing newlines. A remote attacker could possibly use this

issue to bypass certain access controls.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  python3-django                  2:2.2.24-1ubuntu1.1

Ubuntu 21.04:
  python3-django                  2:2.2.20-1ubuntu0.3

Ubuntu 20.04 LTS:
  python3-django                  2:2.2.12-1ubuntu0.8

In general, a standard system update will make all the necessary changes.

References

CVE-2021-44420

Severity
critical
Lowest
Low
Medium
High
Critical

December 07, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.