Packages
- python-django - High-level Python web development framework
Details
Chris Bailey discovered that Django incorrectly handled evaluating
submitted passwords. A remote attacker could possibly use this issue to
consume resources, resulting in a denial of service. (CVE-2021-45115)
Dennis Brinkrolf discovered that Django incorrectly handled the dictsort
template filter. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2021-45116)
Dennis Brinkrolf discovered that Django incorrectly handled certain file
names. A remote attacker could possibly use this issue to save files to
arbitrary filesystem locations. (CVE-2021-45452)
Chris Bailey discovered that Django incorrectly handled evaluating
submitted passwords. A remote attacker could possibly use this issue to
consume resources, resulting in a denial of service. (CVE-2021-45115)
Dennis Brinkrolf discovered that Django incorrectly handled the dictsort
template filter. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2021-45116)
Dennis Brinkrolf discovered that Django incorrectly handled certain file
names. A remote attacker could possibly use this issue to save files to
arbitrary filesystem locations. (CVE-2021-45452)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 21.10 impish | python3-django – 2:2.2.24-1ubuntu1.2 | ||
| 21.04 hirsute | python3-django – 2:2.2.20-1ubuntu0.4 | ||
| 20.04 LTS focal | python3-django – 2:2.2.12-1ubuntu0.9 | ||
| 18.04 LTS bionic | python3-django – 1:1.11.11-1ubuntu1.15 | ||
| python-django – 1:1.11.11-1ubuntu1.15 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.