Your submission was sent successfully! Close

USN-5373-2: Django vulnerabilities

11 April 2022

Several security issues were fixed in Django.

Releases

Packages

Details

USN-5373-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain certain column
aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A
remote attacker could possibly use this issue to perform an SQL injection
attack. (CVE-2022-28346)

It was discovered that the Django URLValidator function incorrectly handled
newlines and tabs. A remote attacker could possibly use this issue to
perform a header injection attack. (CVE-2021-32052)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-4975-1: python-django-common, python-django, python3-django, python-django-doc
  • USN-5373-1: python-django-common, python-django, python3-django, python-django-doc