Ubuntu alert USN-7903-1 (python-django)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7903-1] Django vulnerabilities | |
| Date: | Tue, 02 Dec 2025 18:07:09 +0000 | |
| Message-ID: | <E1vQUmL-0006ly-1J@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7903-1 December 02, 2025 python-django vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Django. Software Description: - python-django: High-level Python web development framework Details: It was discovered that Django incorrectly handled certain characters in the FilteredRelation object. An attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-13372) Seokchan Yoon discovered that Django inefficiently handled deserialization of XML objects. An attacker could possibly use this issue to cause Django to use excessive resources, causing a denial of service. (CVE-2025-64460) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 python3-django 3:5.2.4-1ubuntu2.2 Ubuntu 25.04 python3-django 3:4.2.18-1ubuntu1.7 Ubuntu 24.04 LTS python3-django 3:4.2.11-1ubuntu1.13 Ubuntu 22.04 LTS python3-django 2:3.2.12-2ubuntu1.24 Ubuntu 20.04 LTS python3-django 2:2.2.12-1ubuntu0.29+esm6 Available with Ubuntu Pro Ubuntu 18.04 LTS python-django 1:1.11.11-1ubuntu1.21+esm13 Available with Ubuntu Pro python3-django 1:1.11.11-1ubuntu1.21+esm13 Available with Ubuntu Pro Ubuntu 16.04 LTS python-django 1.8.7-1ubuntu5.15+esm10 Available with Ubuntu Pro python3-django 1.8.7-1ubuntu5.15+esm10 Available with Ubuntu Pro Ubuntu 14.04 LTS python-django 1.6.11-0ubuntu1.3+esm9 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7903-1 CVE-2025-13372, CVE-2025-64460 Package Information: https://launchpad.net/ubuntu/+source/python-django/3:5.2.... https://launchpad.net/ubuntu/+source/python-django/3:4.2.... https://launchpad.net/ubuntu/+source/python-django/3:4.2.... https://launchpad.net/ubuntu/+source/python-django/2:3.2....
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmkvKFwACgkQcpJm3tlz hgEkyxAAum/b7TcDAIgSEENO1eRJFUIbPEv4Uk3hBwKFq6ImKHC+vJeZBV1Nn6VX xRplwefYPCviWfQjWrukNDF3XIjDxQefr3TfYcg4qXdQ/1kMbKloFKhBfkb0KDwK 0Zqcytv4KSqOZT2REndPsiyI/Ni8uVAJH7MOfdUtkqUaGOKBV71qW7MRl48mxKuc jwz6WSkapi7ZHZDFh2rUm4atYE2Q6WImbcrYprygWQBZ5wwQFfn82UjZlfuJee41 anwNdgh/vZg53rMfZkZbPcWA+sEEwy1VCZhWPlzANWrrnr0fqPpfMz/pUglAobOG Waxn7oNG14727SuvWij+0pNtYNPzQqFhTtGbLD2SZzevoh8+gc9enLRVXQOZq9Hm lLEgFTGL351Dfco/uiNS9WJt2Wa4yED4TColp1LcDDi+b7iUWfxR2T3QMntONrmG PRYeDGqrc9ZfkUD/01GFeahMPkc47QtIA1Lbx4sQp7On2NUzaZaqj8Sio5+ZSHA1 WwHvUngAoL5FUZmJ6mKT3N+ujh6EshGxWy7poJldfxN4Gk2P/16E+3xJhn80VpiV KlQKUBRQhdhWYzXL43ztQZjCC8nTITiUQXfLMhFMfaCRaa4ZfCFli0WZYTmm0LbJ JtRhUCHo8bk8V/D0hQaPmJAl5XrCA9ACJk1ZzwvuBWeO3E0rMwg= =OH63 -----END PGP SIGNATURE-----