
Ubuntu alert USN-7555-2 (python-django)

From:  "Leonidas S. Barbosa" <leo.barbosa@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7555-2] Django vulnerability
Date:  Mon, 16 Jun 2025 15:21:36 -0300
Message-ID:  <aFBgsNCwH4Qshvcs@d4rkl41n>

==========================================================================
Ubuntu Security Notice USN-7555-2
June 16, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Django could be made to perform log injection if it received specially
crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-7555-1 fixed vulnerabilities in Django. The fix was incomplete. This
update applies an additional patch to fix it properly.

Original advisory details:

 It was discovered that Django incorrectly handled certain unescaped
 request paths. An attacker could possibly use this issue to perform a log
 injection.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  python3-django                  3:4.2.18-1ubuntu1.3

Ubuntu 24.10
  python3-django                  3:4.2.15-1ubuntu1.6

Ubuntu 24.04 LTS
  python3-django                  3:4.2.11-1ubuntu1.9

Ubuntu 22.04 LTS
  python3-django                  2:3.2.12-2ubuntu1.20

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7555-2
  https://ubuntu.com/security/notices/USN-7555-1
  https://launchpad.net/bugs/2113924

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/3:4.2....
  https://launchpad.net/ubuntu/+source/python-django/3:4.2....
  https://launchpad.net/ubuntu/+source/python-django/3:4.2....
  https://launchpad.net/ubuntu/+source/python-django/2:3.2....


Attachment: signature.asc (type=application/pgp-signature)

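The log injection described in the advisory, as an added example that is not part of the Ubuntu notice and is not Django's patch: a request path with an embedded CR/LF produces a forged second entry when logged unescaped, while a `logging.Filter` that escapes non-printable characters keeps the record on one line. The logger name, the sample path and the `EscapeControlChars` class are assumptions constructed for illustration.

```python
import io
import logging

# Constructed sample: a request path carrying an embedded CR/LF followed by
# text shaped like a second log entry.
CRAFTED_PATH = "/missing\r\nWARNING:demo.request:Forbidden: /admin/"


class EscapeControlChars(logging.Filter):
    """Escape non-printable characters in string log arguments."""

    @staticmethod
    def _escape(value):
        if not isinstance(value, str):
            return value
        return "".join(
            ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
            for ch in value
        )

    def filter(self, record):
        # Rewrite the arguments before the formatter interpolates them.
        if isinstance(record.args, tuple):
            record.args = tuple(self._escape(a) for a in record.args)
        elif isinstance(record.args, dict):
            record.args = {k: self._escape(v) for k, v in record.args.items()}
        return True


def log_not_found(path, hardened):
    """Log one 'Not Found' event for `path` and return the emitted text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    logger = logging.Logger("demo.request")  # hypothetical logger name
    logger.addHandler(handler)
    if hardened:
        logger.addFilter(EscapeControlChars())
    logger.warning("Not Found: %s", path)
    return stream.getvalue()


if __name__ == "__main__":
    # Unescaped: one event appears as two entries. Escaped: a single entry.
    print(log_not_found(CRAFTED_PATH, hardened=False).splitlines())
    print(log_not_found(CRAFTED_PATH, hardened=True).splitlines())
```

A filter like this is defence in depth for application loggers; the packaged update listed above remains the fix for Django's own logging.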




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds