Thursday, November 15, 2012

[USN-1632-1] Django vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQpay/AAoJEFHb3FjMVZVzIVMP/21w+eQq0iT/bHBsK+xChyHV
qDKjf40tbPeFpT/zd6dqSahnh9PBRQTBka0l+1rN659SUY/jPNnJEcoDc2X6byln
6RHcs6OnSipboKc6esERpj8A7wbbMk4sg7a+SV/Yj2EwG6Pwk1m/ttwQ397gEAm8
fMI5tLuDkA1dITfWF0+ADGLfyXQ2YHP/IERZK3dOoPusv/8b1Ht7YCOo0RHRrksP
XcsRQXxNAgu78TPvYolMVAJcTKPHbLGs4BKm5+0m3MRtV2Chg5ib1itaQhfN+nX5
OGzkvDI3upaRJkM1nT7kO6KH+7gBvThFAoAl/5HmXNjG28/bodCGs5KtqGlmJmxi
g0IjwBGc5iabQcEca4EvCkTbqpYcGz1dyHM0Xepp7TytzCh9RymiUbQtisk1RTib
Dhqo4yVqGMMxXmgBn1WTYWYmj20OhNeN2sSzOKIrR/x5drlpAXr8f9klxaw0zPX3
MV3F4wmXGbFPbn6XFfnFyB7ihle2Y+mY4t/gWPbipu8gK+xLdzh54XMdZ4u3zt9n
2zJvzue6MpTVm+5c6FCBKqM3x+2hIjUI9eb9tUoNcMgAOzgTcq6hPetAoIv54kGR
8WCkpDyDHsFm9djxBPDCmDZILG3thVXu3aKd2qddAWG5XWhAqqIgvkJAYksx9cV9
Juet9qSMGwDcNp5VjCCN
=WoYE
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1632-1
November 15, 2012

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Django could be made to expose sensitive information over the network.

Software Description:
- python-django: High-level Python web development framework

Details:

James Kettle discovered Django did not properly filter the Host HTTP header
when processing certain requests. An attacker could exploit this to
generate and display arbitrary URLs to users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-django 1.4.1-2ubuntu0.1

Ubuntu 12.04 LTS:
python-django 1.3.1-4ubuntu1.3

Ubuntu 11.10:
python-django 1.3-2ubuntu1.4

Ubuntu 10.04 LTS:
python-django 1.1.1-2ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1632-1
CVE-2012-4520

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1.4.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/1.3-2ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.6

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)