Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Ubuntu 22.04 LTS USN-5549-1 Moderate: Django Input Handling Threat

ubuntu
Calendar Grey August 4, 2022
Dist Ubuntu Esm H88
Django's inadequate management may result in the exposure of confidential information on Ubuntu platforms. Update guidelines are provided.
Django could be made to expose sensitive information if it received an specially crafted input.

Summary

Django could be made to expose sensitive information if it received

an specially crafted input.

Software Description:

- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain FileResponse.

An attacker could possibly use this issue to expose sensitive information

or gain access over user machine.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  python3-django                  2:3.2.12-2ubuntu1.2

Ubuntu 20.04 LTS:
  python3-django                  2:2.2.12-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5549-1

CVE-2022-36359

August 04, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.