Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu: USN-6946-1 Moderate: Django Denial Of Service and Memory Issues

ubuntu
Calendar Grey August 6, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6947-1 provides critical updates for PostgreSQL vulnerabilities with detailed remediation steps and impacted versions.
Several security issues were fixed in Django.

Summary

Several security issues were fixed in Django.

Software Description:

- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain strings in

floatformat function. An attacker could possibly use this issue to

cause a memory exhaustion. (CVE-2024-41989)

It was discovered that Django incorrectly handled very large inputs.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2024-41990)

It was discovered that Django in AdminURLFieldWidget incorrectly

handled certain inputs with a very large number of Unicode characters.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2024-41991)

It was discovered that Django incorrectly handled certain JSON objects.

An attacker could possibly use this issue to cause a potential SQL

injection. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04

LTS. (CVE-2024-42005)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  python3-django                  3:4.2.11-1ubuntu1.2

Ubuntu 22.04 LTS
  python3-django                  2:3.2.12-2ubuntu1.13

Ubuntu 20.04 LTS
  python3-django                  2:2.2.12-1ubuntu0.24

Ubuntu 18.04 LTS
  python-django                   1:1.11.11-1ubuntu1.21+esm6
                                  Available with Ubuntu Pro
  python3-django                  1:1.11.11-1ubuntu1.21+esm6
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6946-1

CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005

Ubuntu Security Notice USN-6946-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here