-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEE5rkwSLC9ntq84w397Dtram9gyMMFAmYUEW4FAwAAAAAACgkQ7Dtram9gyMNl
zgf9FfH8Mwj5+mhcvZ+dd61C24vFDgh/kApT8/W1db0hqYZTDSEXXjgWSeT4rH65g3BeYovNG2pH
UGnM4YIcAnTjvMK9/nJuGp16VpJco9G66l+vep9/KVmzAOI+kjXnghiTokTx1WNm9VxA2UL93us5
qRpZU09KrG/haQPp2lhiEBt/V/n2UJOQueZEoWxn7B6vJEghJvSITJSiNCJkrrfDyo2uYsGy+ovT
viNRY0BGvomXnJx/1Aa1Ql8U9R9vclixnG2uakylWP++MRIuigFR590Kr8vAvZ9bJVfeHVH4J/n+
YWjhLv/k2xG2u6s7IB+iZavNNNheOKMA+ya+uk2VNQ==
=TnUm
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6722-1
April 08, 2024
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Django accounts could be hijacked through password reset requests.
Software Description:
- python-django: High-level Python web development framework
Details:
Simon Charette discovered that the password reset functionality in
Django used a Unicode case insensitive query to retrieve accounts
associated with an email address. An attacker could possibly use this
to obtain password reset tokens and hijack accounts.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
python-django 1.6.11-0ubuntu1.3+esm7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6722-1
CVE-2019-19844
No comments:
Post a Comment