Wednesday, May 7, 2025

[USN-7501-1] Django vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmgbpVYFAwAAAAAACgkQZWnYVadEvpOA
khAArAGSs10hBCTv2onTtqLdgLnSz+fImgBcWFtbQ/GMxP5U4HKqOT8u2H43pcxsR48nAH2Ia9vb
aNcYz/SCguhYna3SzMreoQwdOes67VXoogSrZdkPrQ2Qomxhe7UiJc8FXBYo91zdV5asCxah0uvJ
zos2ASIaDQHC6VRHL2H3INaBClL8Q16o1GwpgaOZGZmi9G04I7NL65+Dk/CQ4G15vhmqS4CMVMy+
cgKiqBB3j0tEd1GEArULKcAtN6RV1f03gNGkSO/OxWWtSRg2UQmMayTm4wpK3bfSK4CsEeoheMcT
LxP1i1nUdHSv6ivfnt98A4Oc/bvfdwQbxlhLRTnaIpvhJlDvXiIJtQbJ9f7s2UgVz3l5qkghmu7N
7pe2kgXrxM8U7FMz3J2ozYflOte+sDnPhqyCyZG46ZcDFdlSQYQCz1eiIcWB6ON0j9zZ4yfAzldX
sAG4Kq7ukgsY+eKQII3T03ZiHuFr1w/WdIRWroogmzHb/+8ijE8J31TbxKpm7SyBsg/2hMk2ENbd
CTsEM3C9roYHxQT11KNwOKSatyfkBtn6PXiCLuXYYUvd60WeYTbqHg5hKXO5SbQr6i5ClsCeh29B
O4F4I3Q0ZSIyrzmbKbtBKxKau3B7LJ7dBcLaceMrodVFXm0SxG4UwaeOiR9tPqRrmq57opE4e+7v
WEc=
=3jkC
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7501-1
May 07, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Django could be made to crash if it received specially crafted network
traffic.

Software Description:
- python-django: High-level Python web development framework

Details:

Elias Myllymäki discovered that Django incorrectly handled stripping large
sequences of incomplete HTML tags. A remote attacker could possibly use
this issue to cause Django to consume resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
python3-django 3:4.2.18-1ubuntu1.1

Ubuntu 24.10
python3-django 3:4.2.15-1ubuntu1.4

Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.7

Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.18

Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.29

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7501-1
CVE-2025-32873

Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.7
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.18
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.29

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)