You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa python-django

Sigurnosni nedostatak programskog paketa python-django

==========================================================================
Ubuntu Security Notice USN-4224-1
December 19, 2019

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Django accounts could be hijacked through password reset requests.

Software Description:
– python-django: High-level Python web development framework

Details:

Simon Charette discovered that the password reset functionality in
Django used a Unicode case insensitive query to retrieve accounts
associated with an email address. An attacker could possibly use this
to obtain password reset tokens and hijack accounts.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
python-django 1:1.11.22-1ubuntu1.1
python3-django 1:1.11.22-1ubuntu1.1

Ubuntu 19.04:
python-django 1:1.11.20-1ubuntu0.3
python3-django 1:1.11.20-1ubuntu0.3

Ubuntu 18.04 LTS:
python-django 1:1.11.11-1ubuntu1.6
python3-django 1:1.11.11-1ubuntu1.6

Ubuntu 16.04 LTS:
python-django 1.8.7-1ubuntu5.11
python3-django 1.8.7-1ubuntu5.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4224-1
CVE-2019-19844

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.22-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.3
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.6
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.11

—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl36068ACgkQLwmejQBe
gfSCOg/+NGKrWPqvljJ9y5/hKPJXKE5K17dxpiekhsU1gbfuDgH0aDhjRVZQIdJS
nM6LiHp4HZtvsiOBcJmS8JkPm6X2yJJQ/Mn64svZ48+NvID8WFVTi7X6L5NKTyUX
fc0pl86halbszOpECMwViProUK8exp2JpP9PPFS2ayV/7Pmjs4pjapLhhPzyrvu2
DqOj8BqEuLNY95NYuCcYkBpJIrMU5Yv0WPEl3g8bJNS96lx3k8nkCU6tbsMLuzEV
Bn93M701UTTFabBJaSpf+f4PpKnziKFPLipZrk9cdeHn8fReJTJMgt+CjfT34v1h
sX1NC8f6jFWWujrxEI3jJ4ItA1hBWe7f/1UHikMlStQ46KsnotMEX7PjxcaHVO3u
9pqvLab2Cgy60sO8fLQ+Cu46LYz0wc08g3dKxStsGi+WU77Q7J0ZWpCGC3Junk2A
QwB9t7vmU638NOkTsQYak5CfpnC6NWSvfqFGUTsIiy15NTQHPpYcuSPBMoQ5IMA6
++P29dkIEtVaxHqewr4vDDpvH6zSK5C+M8SBq17tVEevaZZsHWHkjSXF2xQJK93T
WwMCDuC9z3AY9ns6KvmpgC0w1HYFZYSLwusP6fAoaefO3RqPqrOc+KDNd/fK5vGH
PkhkumG1qtaTZVnDpCVJzaAwPZ4HtSVtV8MKFn9CyhidvEinynQ=
=yybN
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa python-django

Otkriven je sigurnosni nedostatak u programskom paketu python-django za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje stjecanje uvećanih...

Close