==========================================================================
Ubuntu Security Notice USN-6623-1
February 06, 2024
python-django vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Django could be made to deny service if it received specially
crafted input.
Software Description:
- python-django: High-level Python web development framework
Details:
It was discovered that Django incorrectly handled certain inputs
passed to the intcomma template filter. An attacker could possibly
use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
python3-django 3:4.2.4-1ubuntu2.1
Ubuntu 22.04 LTS:
python3-django 2:3.2.12-2ubuntu1.10
Ubuntu 20.04 LTS:
python3-django 2:2.2.12-1ubuntu0.21
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
python-django 1:1.11.11-1ubuntu1.21+esm3
python3-django 1:1.11.11-1ubuntu1.21+esm3
In general, a standard system update will make all the necessary changes.
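To confirm that a host actually carries the fixed package, compare the installed version with the versions listed above using Debian's version ordering (epoch, then upstream version, then Debian revision, with `~` sorting before the empty string). The script below is an added example and not part of this notice or of Ubuntu's tooling: it re-implements dpkg's comparison in pure Python so it can run anywhere, stores the fixed versions from this notice, and evaluates sample `dpkg-query -W -f='${Package}\t${Version}\n'` output, which is constructed here. The function names (`compare_versions`, `is_vulnerable`, `check_dpkg_output`) are this example's own; on an Ubuntu host, `dpkg --compare-versions` gives the authoritative answer.

```python
import re

# Fixed package versions from USN-6623-1, keyed by Ubuntu release and package.
FIXED_VERSIONS = {
    "23.10": {"python3-django": "3:4.2.4-1ubuntu2.1"},
    "22.04": {"python3-django": "2:3.2.12-2ubuntu1.10"},
    "20.04": {"python3-django": "2:2.2.12-1ubuntu0.21"},
    "18.04": {"python-django": "1:1.11.11-1ubuntu1.21+esm3",
              "python3-django": "1:1.11.11-1ubuntu1.21+esm3"},
}


def _char_order(c):
    """Ordering dpkg applies to non-digit characters: '~' sorts before the
    end of the string, letters sort before every other non-letter."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    """Compare two runs of non-digit characters; a missing character is 0."""
    for i in range(max(len(a), len(b))):
        oa = _char_order(a[i]) if i < len(a) else 0
        ob = _char_order(b[i]) if i < len(b) else 0
        if oa != ob:
            return -1 if oa < ob else 1
    return 0


def _cmp_fragment(a, b):
    """Compare an upstream version or a Debian revision by alternating
    between non-digit runs (modified lexical) and digit runs (numeric)."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 for a relative to b under dpkg's ordering."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_vulnerable(release, package, installed):
    """True when the installed version is older than the fix for that release."""
    return compare_versions(installed, FIXED_VERSIONS[release][package]) < 0


def check_dpkg_output(release, text):
    """Evaluate lines of `dpkg-query -W -f='${Package}\\t${Version}\\n'` output
    and return {package: still_vulnerable} for packages this notice covers."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        package, _, version = line.partition("\t")
        if package in FIXED_VERSIONS[release]:
            result[package] = is_vulnerable(release, package, version)
    return result


# Constructed sample: a 22.04 host still on the revision before the fix.
SAMPLE_DPKG_OUTPUT = "python3-django\t2:3.2.12-2ubuntu1.9\n"

if __name__ == "__main__":
    for pkg, vuln in check_dpkg_output("22.04", SAMPLE_DPKG_OUTPUT).items():
        print(pkg, "needs update" if vuln else "patched")
```

Note that the epoch is part of the comparison: a version string reported without the `3:`/`2:`/`1:` prefix compares lower than the fixed version, which matches dpkg's behaviour and is why the fixed versions above are quoted with their epochs.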
References:
https://ubuntu.com/security/notices/USN-6623-1
CVE-2024-24680
Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.4-1ubuntu2.1
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.10
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.21
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.