Not a user yet?
Log in Register for free Suggest a product
Update

USN-7903-1: Django vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-7903-1: Django vulnerabilities

Publication date : 2 December 2025
Overview: Several security issues were fixed in Django.

Packages
python-django - High-level Python web development framework

Details
It was discovered that Django incorrectly handled certain characters in the
FilteredRelation object. An attacker could possibly use this issue to
execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2025-13372)

Seokchan Yoon discovered that Django inefficiently handled deserialization
of XML objects. An attacker could possibly use this issue to cause Django
to use excessive resources, causing a denial of service. (CVE-2025-64460)

Update instructions
In general, a standard system update will make all the necessary changes.
The problem can be corrected by updating your system to the following package versions:

25.10 questing

  • python3-django – 3:5.2.4-1ubuntu2.2

25.04 plucky

  • python3-django – 3:4.2.18-1ubuntu1.7

24.04 LTS noble

  • python3-django – 3:4.2.11-1ubuntu1.13

22.04 LTS jammy

  • python3-django – 2:3.2.12-2ubuntu1.24

20.04 LTS focal

  • python3-django – 2:2.2.12-1ubuntu0.29+esm6

18.04 LTS bionic

  • python-django – 1:1.11.11-1ubuntu1.21+esm13
  • python3-django – 1:1.11.11-1ubuntu1.21+esm13

16.04 LTS xenial

  • python-django – 1.8.7-1ubuntu5.15+esm10
  • python3-django – 1.8.7-1ubuntu5.15+esm10

14.04 LTS trusty

  • python-django – 1.6.11-0ubuntu1.3+esm9
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad