Ubuntu Security Notice USN-5653-1

Ubuntu Security Notice 5653-1 - Benjamin Balder Bach discovered that Django incorrectly handled certain internationalized URLs. A remote attacker could possibly use this issue to cause Django to crash, resulting in a denial of service.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-5653-1
October 04, 2022

python-django vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

Django could be made to crash if it received specially crafted network
traffic.

Software Description:

  • python-django: High-level Python web development framework

Details:

Benjamin Balder Bach discovered that Django incorrectly handled certain
internationalized URLs. A remote attacker could possibly use this issue to
cause Django to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
python3-django 2:3.2.12-2ubuntu1.3

Ubuntu 20.04 LTS:
python3-django 2:2.2.12-1ubuntu0.14

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5653-1
CVE-2022-41323

Package Information:
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.14

Related news

Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-0742-01

Red Hat Security Advisory 2023-0742-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include a bypass vulnerability.

GHSA-qrw5-5h28-6cmg: Denial-of-service vulnerability in internationalized URLs

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
