Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu: 24.04 LTS, 23.10, 22.04 LTS Moderate: Django Security Advisory

ubuntu
Calendar Grey July 9, 2024
Dist Ubuntu Esm H88
Essential improvements for Django on Ubuntu handling various vulnerabilities impacting latest versions.
Several security issues were fixed in Django.

Summary

Several security issues were fixed in Django.

Software Description:

- python-django: High-level Python web development framework

Details:

Elias Myllymäki discovered that Django incorrectly handled certain inputs

with a large number of brackets. A remote attacker could possibly use this

issue to cause Django to consume resources or stop responding, resulting in

a denial of service. (CVE-2024-38875)

It was discovered that Django incorrectly handled authenticating users with

unusable passwords. A remote attacker could possibly use this issue to

perform a timing attack and enumerate users. (CVE-2024-39329)

Josh Schneier discovered that Django incorrectly handled file path

validation when the storage class is being derived. A remote attacker could

possibly use this issue to save files into arbitrary directories.

(CVE-2024-39330)

It was discovered that Django incorrectly handled certain long strings that

included a specific set of characters. A remote attack...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   python3-django                  3:4.2.11-1ubuntu1.1

Ubuntu 23.10
   python3-django                  3:4.2.4-1ubuntu2.3

Ubuntu 22.04 LTS
   python3-django                  2:3.2.12-2ubuntu1.12

Ubuntu 20.04 LTS
   python3-django                  2:2.2.12-1ubuntu0.23

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6888-1

CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614

Ubuntu Security Notice USN-6888-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here