USN-4296-1: Django vulnerability
USN-4296-1: Django vulnerability python-django vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Django could allow unintended access to the database. Software Description python-django – High-level Python web development framework Details Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 python-django – 1:1.11.22-1ubuntu1.3 python3-django – 1:1.11.22-1ubuntu1.3 Ubuntu 18.04 LTS python-django – 1:1.11.11-1ubuntu1.8 python3-django – 1:1.11.11-1ubuntu1.8 Ubuntu 16.04 LTS python-django – 1.8.7-1ubuntu5.12 python3-django – 1.8.7-1ubuntu5.12 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-9402 Source: USN-4296-1: Django vulnerability
