Ubuntu Security Notice USN-5653-1
Ubuntu Security Notice 5653-1 - Benjamin Balder Bach discovered that Django incorrectly handled certain internationalized URLs. A remote attacker could possibly use this issue to cause Django to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-5653-1
October 04, 2022
python-django vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Django could be made to crash if it received specially crafted network
traffic.
Software Description:
- python-django: High-level Python web development framework
Details:
Benjamin Balder Bach discovered that Django incorrectly handled certain
internationalized URLs. A remote attacker could possibly use this issue to
cause Django to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
python3-django 2:3.2.12-2ubuntu1.3
Ubuntu 20.04 LTS:
python3-django 2:2.2.12-1ubuntu0.14
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5653-1
CVE-2022-41323
Package Information:
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.14
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.