• Django vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, December 19, 2019 00:10:09
    python-django vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Django accounts could be hijacked through password reset requests.

    Software Description

    * python-django - High-level Python web development framework

    Details

    Simon Charette discovered that the password reset functionality in
    Django used a Unicode case-insensitive query to retrieve accounts
    associated with an email address. An attacker could possibly use
    this to obtain password reset tokens and hijack accounts.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    python-django - 1:1.11.22-1ubuntu1.1
    python3-django - 1:1.11.22-1ubuntu1.1

    Ubuntu 19.04
    python-django - 1:1.11.20-1ubuntu0.3
    python3-django - 1:1.11.20-1ubuntu0.3

    Ubuntu 18.04 LTS
    python-django - 1:1.11.11-1ubuntu1.6
    python3-django - 1:1.11.11-1ubuntu1.6

    Ubuntu 16.04 LTS
    python-django - 1.8.7-1ubuntu5.11
    python3-django - 1.8.7-1ubuntu5.11

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-19844

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
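    The defect behind CVE-2019-19844 and the check that closes it, as an added example that is not code from the advisory, from Django or from Ubuntu: a database-style case-insensitive lookup is emulated with `str.upper()`, the user table and the probe address are constructed, and the hardened lookup applies the stricter comparison from Unicode Technical Report 36 (NFKC normalisation followed by casefolding) and hands back the address on record, which is the approach the upstream fix took.

```python
"""Added example (not Django's or Ubuntu's code): why a case-insensitive
email lookup can match the wrong account, and the stricter check that
prevents it. Users and probe addresses below are constructed."""
import unicodedata

# Constructed user table: (username, email on record).
USERS = [
    ("alice", "alice@example.org"),
    ("mike", "mike@example.org"),
]


def lookup_iexact(email):
    """Emulates a database UPPER(email) = UPPER(%s) lookup, which is how a
    case-insensitive (iexact-style) query is typically executed.  Unicode
    uppercasing folds some non-ASCII letters onto ASCII ones, so a string
    that differs byte-for-byte can still match a stored address."""
    return [u for u in USERS if u[1].upper() == email.upper()]


def unicode_ci_compare(s1, s2):
    """Stricter identifier comparison: NFKC-normalise, then casefold
    (the algorithm recommended in UTR 36, section 2.11.2(B)(2))."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def users_for_reset(submitted_email):
    """Hardened lookup: keep only rows whose stored address survives the
    strict comparison, and return the address on record so the reset
    token is delivered there, never to the submitted string."""
    return [(name, stored) for name, stored in lookup_iexact(submitted_email)
            if unicode_ci_compare(submitted_email, stored)]


# Constructed probe: dotless i (U+0131) uppercases to ASCII 'I', so the
# naive lookup matches "mike" while the strict comparison does not.
PROBE = "m\u0131ke@example.org"

if __name__ == "__main__":
    print("naive lookup:   ", lookup_iexact(PROBE))
    print("hardened lookup:", users_for_reset(PROBE))
    print("plain case diff:", users_for_reset("MIKE@example.org"))
```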
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, February 04, 2020 00:10:00
    python-django vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS

    Summary

    Django could be vulnerable to SQL injection attacks.

    Software Description

    * python-django - High-level Python web development framework

    Details

    Simon Charette discovered that Django incorrectly handled input in
    the PostgreSQL module. A remote attacker could possibly use this
    to perform SQL injection attacks.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    python-django - 1:1.11.22-1ubuntu1.2
    python3-django - 1:1.11.22-1ubuntu1.2

    Ubuntu 18.04 LTS
    python-django - 1:1.11.11-1ubuntu1.7
    python3-django - 1:1.11.11-1ubuntu1.7

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-7471

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, March 04, 2020 12:10:07
    python-django vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Django could allow unintended access to the database.

    Software Description

    * python-django - High-level Python web development framework

    Details

    Norbert Szetei discovered that Django incorrectly handled the GIS
    functions and aggregates on Oracle. A remote attacker could
    possibly use this issue to perform an SQL injection attack.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    python-django - 1:1.11.22-1ubuntu1.3
    python3-django - 1:1.11.22-1ubuntu1.3

    Ubuntu 18.04 LTS
    python-django - 1:1.11.11-1ubuntu1.8
    python3-django - 1:1.11.11-1ubuntu1.8

    Ubuntu 16.04 LTS
    python-django - 1.8.7-1ubuntu5.12
    python3-django - 1.8.7-1ubuntu5.12

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-9402

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)