==========================================================================
Ubuntu Security Notice USN-4043-1
July 01, 2019
python-django vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Django.
Software Description:
– python-django: High-level Python web development framework
Details:
It was discovered that Django incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04.
(CVE-2019-12308)
Gavin Wahl discovered that Django incorrectly handled certain requests.
An attacker could possibly use this issue to bypass credentials and
access administrator interface. (CVE-2019-12781)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
python-django 1:1.11.20-1ubuntu0.1
python3-django 1:1.11.20-1ubuntu0.1
Ubuntu 18.10:
python-django 1:1.11.15-1ubuntu1.3
python3-django 1:1.11.15-1ubuntu1.3
Ubuntu 18.04 LTS:
python-django 1:1.11.11-1ubuntu1.4
python3-django 1:1.11.11-1ubuntu1.4
Ubuntu 16.04 LTS:
python-django 1.8.7-1ubuntu5.9
python3-django 1.8.7-1ubuntu5.9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4043-1
CVE-2019-12308, CVE-2019-12781
Package Information:
https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-django/1:1.11.15-1ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.9
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdGj5iAAoJEEW851uECx9pcrwP/icGdixEPx2uLX5cLO6XioNT
yCrxNvxomXh5onc0lx5l/X2g8iAvbNmB/sV8TsoCNnQYnqnrvVr2w97wbG+ENc0k
dEbfqqyRSgkZ6OLe2RGLWjPsHyMKxmAr2lcBcHIkbe0K5sdzExpbk3ZyHddRPIxx
+06o9TuyvkgaRsxDtLjIj8V29800vIEmZWLV+arZYALKKPNG9ACJGk9lGD5Zpbri
Yp0kIoZYmF9JvdeDSBJX65QlvQ97lN02XLJcAt5VbYDmGkMpEiC7bhy7YFnWF6L7
dpmP5Ia9UEFHtnX7dkbMPotuMj0Oh/xGClUor3+7fMBdM7igPnwsx9twls9mXR4P
RLCcQfTg6BQ9hzjzgIHxuWQ/isAAIWrM7MbTXMc1PY9UKQNROkfbLqR14W1XQog2
vCR3Hx3gzLCQXw9M7Bi8O3o6iehsVIqKtFDgz3Sw1tKEoCs1x3Zwj/w249WEdyV7
3MpdcSbUOdHVLn+x5flzp5T95eq8UOeqhKn1pWEggkoiEdxGUdKzpZVlPEqP7upT
TPACXtsjBQq8DVoz7I/dofroBXORQuJOVIZ/a2Xk+ACrC83pXUTObTb5t+9A3KGw
0GYuK0HeAVnDv55/v5Fuf0SL6xRaRXO5l3BmEY3ewucQkShDqXVe3M3QU+b2fgPD
O5SqpH2fqgksyPkh6DNe
=bWl/
—–END PGP SIGNATURE—–
—