========================================================================== Ubuntu Security Notice USN-4296-1 March 04, 2020
python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Django could allow unintended access to the database. Software Description: - python-django: High-level Python web development framework Details: Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: python-django 1:1.11.22-1ubuntu1.3 python3-django 1:1.11.22-1ubuntu1.3 Ubuntu 18.04 LTS: python-django 1:1.11.11-1ubuntu1.8 python3-django 1:1.11.11-1ubuntu1.8 Ubuntu 16.04 LTS: python-django 1.8.7-1ubuntu5.12 python3-django 1.8.7-1ubuntu5.12 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4296-1 CVE-2020-9402 Package Information: https://launchpad.net/ubuntu/+source/python-django/1:1.11.22-1ubuntu1.3 https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.8 https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.12
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
