-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1208
python-django security update
12 April 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: python-django
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Create Arbitrary Files -- Remote/Unauthenticated
Overwrite Arbitrary Files -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-28658
Reference: ESB-2021.1153
Original Bulletin:
http://www.debian.org/lts/security/2021/dla-2622
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2622-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
April 09, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : python-django
Version : 1:1.10.7-2+deb9u12
CVE ID : CVE-2021-28658
Debian Bug : #986447
It was discovered that there was a potential directory traversal
issue in Django, a Python-based web development framework.
The vulnerability could have been exploited by maliciously crafted
filenames. However, the upload handlers built into Django itself
were not affected.
For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u12.
We recommend that you upgrade your python-django packages.
For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-django
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmBwPekACgkQHpU+J9Qx
Hli1TA/9HV3MkXufNm8DQC8xvyG/G8zOUccDAtNJsYFRKxhm3YRrt2xC7AIQvPHw
PAVb5+o9jqNuK32s9Ezmidcuz8+nf6/F022RJNj3chEh6ChQs1W1J7I7tbKpUVMl
Ci/57o1gKvk/7ejU1xoY4gLaO+XtjbWFgaC/LgJsaxhGgHar2gFqZMJW+0/XVJIx
XOfPUTt/93FHXYgF+Yx+noN8uK/JjsO1X2CBFsWc3TDTAj9U4LskGxpcnUcRVdWV
JOPVZbtTHla1hB0n9NPrriVoHf9vWYK5ZKR9jX3Ntp+B3MngBb9bYkPW+iq7ocOV
SJzbOKXMHXerXopZTf1tSCx6ccJuFidcbbdh7bczN8hqtkdTv0HyPk3rtvvEriI5
crSRom1zqEUc7Somebw3Mgbo1UF0dHTA0ZWlNvwRnPR1GanKCee++tm9mKaSePC6
0KGBlWKZffk3vZO7bNc3TcuEMzaXF7s5cWNa/KCtrS/2tiM3g0gV3rzKhq69Fcu+
RxCcoQharQbZxdAH8WyepByF6v45xgjiYbP9ClYJPxVus1KU7F+zKadqKSwYlIrS
dfMvkLIb9LucZUyzB/+b9yuObaWs+NoC8U9pcY8JcjixXId3bQKCVCEE1YIN+9j6
o0vop0ZuCBu95/i1WBF04WW0SI/UKdVcoBbK9+YCODdssOSpSFo=
=hYiv
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYHOhmuNLKJtyKPYoAQgZ7BAAhB/5eECtIhOAAmh4T/uJXJP6dYs02Fal
90aU7JCFtHN4mGehfqWGZdq9MFvrVx6sr/4kn/EnPTnF5vNp/DZm99FOog+8JLDN
byIn6/3cJvj+DqF7fGnn7DCbhX8orrzb7pSy+ZuKPs/bIhJ68nnwKyS4BcyZWlvS
JPrwGxDje5mX4Y2Y1Wc7XbNuYUycgqqzbSNHrvl8pZ7DFlIYYRsuE0I4GrSSc2n0
VoC2g6ApW6hGj1et4oRN4ocJgcx7ZqCKTQLMcGzcTgq9efcDw4dvjBrwvQVhetbS
QEAjQ2iZO3NcgCTlsqDr2zdTahPdfoQidWrQsNK+dSfKcvaypWdda86yXKRSaJfj
Uetaeu4mKpWR6BKEiH5GQ6wueJdoH5LMbqxItFZErK3YeD7uxQ1dp1DsXtjc23PW
wPCT8dWh6n6P5/CfuW0vn8kApshsNnsluRGeZPSsfzsPDzxO1OFlOmp+Da8lgZUH
hTI2ANmqE9DnjRJiNW5/mrQvmmoe4vhTMtkKLZHGzKIhOGJb0ZenM32hEHQzNONS
T5ukhZY3o0JlagtMniFDwgJS21Vvlp247wbt/dUg7AbXbOcIE6luqlUxSwJQZhRQ
NCJJQcvdiLsbYwZh5wWA9k+aKN1Cr+CdsDEI4JmmuquTh+8vLpily03T2aqEH5B/
pGuwTSxKJjc=
=MnLT
-----END PGP SIGNATURE-----
The post ESB-2021.1208 – [Debian] python-django: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2021/04/12/esb-2021-1208-debian-python-django-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1208-debian-python-django-multiple-vulnerabilities
No comments:
Post a Comment