Your submission was sent successfully! Close

USN-5204-1: Django vulnerabilities

05 January 2022

Several security issues were fixed in Django.

Releases

Packages

Details

Chris Bailey discovered that Django incorrectly handled evaluating
submitted passwords. A remote attacker could possibly use this issue to
consume resources, resulting in a denial of service. (CVE-2021-45115)

Dennis Brinkrolf discovered that Django incorrectly handled the dictsort
template filter. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2021-45116)

Dennis Brinkrolf discovered that Django incorrectly handled certain file
names. A remote attacker could possibly use this issue to save files to
arbitrary filesystem locations. (CVE-2021-45452)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10
Ubuntu 21.04
Ubuntu 20.04
Ubuntu 18.04

In general, a standard system update will make all the necessary changes.