==========================================================================
Ubuntu Security Notice USN-3591-1
March 06, 2018
python-django vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Django.
Software Description:
– python-django: High-level Python web development framework
Details:
James Davis discovered that Django incorrectly handled certain template
filters. A remote attacker could possibly use this issue to cause Django
to consume resources, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
python-django 1:1.11.4-1ubuntu1.2
python3-django 1:1.11.4-1ubuntu1.2
Ubuntu 16.04 LTS:
python-django 1.8.7-1ubuntu5.6
python3-django 1.8.7-1ubuntu5.6
Ubuntu 14.04 LTS:
python-django 1.6.11-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3591-1
CVE-2018-7536, CVE-2018-7537
Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.4-1ubuntu1.2
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.6
https://launchpad.net/ubuntu/+source/python-django/1.6.11-0ubuntu1.2
—–BEGIN PGP SIGNATURE—–
iQIcBAEBCgAGBQJansZFAAoJEGVp2FWnRL6T2xIP/R610L9rjhzmY2XT555uGrvz
vGMRbMKGlXXOrVq66KSnCVvxwqvlKWdygxzDo1iCmUdZvY+jhTaDkBmof4cOmDwA
d5QntU5RJ1viywru5M33IQqn/RTO8IW/P5KLQxzVEru8rASdSuPnVPOx9POeuvzm
s3yDDDq+mX0ZnmylN/dqVcm6jM+/y563m0t3ehUX21z4zhLmXHcNm5IUITsFYWh9
866RprY7MLmDtAUG5MvuWH1alWjl71L88qoh/8Bhv2ZhzIiQQvJwbIYqsZhbZ6AM
5wV5QIAWm+ml6oEpIrt+VFD5xPLVYt/4Z+98QsxFnlMTvxUEzUKUVvb/ER/iG1Hk
/rh1iiHpmF4opVe9ZpCgQtA8jJGlteiRWjjc/LETRECInM6mDo0R7Kdn1rD2gaqQ
J270HftW7J5+2hAMdBYo0NvHfDnQdpOpQD+ZR/vzDdFp2RMMyjR6mveHa3H9LDwb
UsQkFv3WtabRaKK+yGSJ1vihchxMoB+P5+h87cZQT1d6cltr7tn+U4uaFfsjhf9e
xBeIxVDFoy2EofsphkGydod+0b+/JZROWMpNBIq0c/YgxQo7n/xPkzParKQdIq2j
pjCgAVeYVliEW/xr8uGyC2rooRMeySwIMg6rAiCJ3OZIoEW+mwQ4pAycPDx8QWux
3kXZYLC/cFmeKIPO2hBx
=o+he
—–END PGP SIGNATURE—–
—