USN-4975-1: Django vulnerabilities
02 June 2021
Several security issues were fixed in Django.
- python-django - High-level Python web development framework
It was discovered that the Django URLValidator function incorrectly handled
newlines and tabs. A remote attacker could possibly use this issue to
perform a header injection attack. This issue only affected Ubuntu 20.04
LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32052)
Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django
incorrectly handled path sanitation in admindocs. A remote attacker could
possibly use this issue to determine the existence of arbitrary files and
in certain configurations obtain their contents. (CVE-2021-33203)
It was discovered that Django incorrectly handled IPv4 addresses with
leading zeros. A remote attacker could possibly use this issue to perform a
wide variety of attacks, including bypassing certain access restrictions.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-4975-2: python-django, python-django-common, python-django-doc, python3-django