==========================================================================
Ubuntu Security Notice USN-7354-1
March 17, 2025
djoser vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
djoser could be made to bypass authentication checks during login.
Software Description:
- djoser: REST implementation of Django authentication system
Details:
Diego Cebrián discovered that djoser did not properly handle user
authentication. An attacker with valid credentials could possibly
use this to bypass authentication checks, such as two-factor
authentication, to gain unintended access.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  python3-djoser    2.1.0-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
  python3-djoser    2.1.0-1ubuntu0.24.04.1
Ubuntu 22.04 LTS
  python3-djoser    2.1.0-1ubuntu0.22.04.1
Ubuntu 20.04 LTS
  python3-djoser    2.0.3-1ubuntu0.1~esm1
                    Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7354-1
CVE-2024-21543
Package Information:
https://launchpad.net/ubuntu/+source/djoser/2.1.0-1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/djoser/2.1.0-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/djoser/2.1.0-1ubuntu0.22.04.1