Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6987-1

Ubuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes.

Packet Storm
#vulnerability#web#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-6987-1
September 03, 2024

python-django vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:

  • python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2024-45230)

It was discovered that Django incorrectly handled certain email sending
failures. A remote attacker could possibly use this issue to enumerate
user emails by issuing password reset requests and observing the outcomes.
(CVE-2024-45231)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.3

Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.14

Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.25

Ubuntu 18.04 LTS
python-django 1:1.11.11-1ubuntu1.21+esm7
Available with Ubuntu Pro
python3-django 1:1.11.11-1ubuntu1.21+esm7
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6987-1
CVE-2024-45230, CVE-2024-45231

Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.14
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.25

Related news

Red Hat Security Advisory 2024-8534-03

Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.

GHSA-5hgc-2vfp-mqvc: Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

GHSA-rrqc-c2jx-6jgv: Django allows enumeration of user e-mail addresses

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution