Login
Newsletter
Werbung

Sicherheit: Mangelnde Eingabeprüfung in Django
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in Django
ID: USN-1632-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Fr, 16. November 2012, 07:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4520
Applikationen: Django

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5475587067864760351==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig04229004D67A911AF6398078"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig04229004D67A911AF6398078
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable


==========================================================================
Ubuntu Security Notice USN-1632-1
November 15, 2012

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Django could be made to expose sensitive information over the network.

Software Description:
- python-django: High-level Python web development framework

Details:

James Kettle discovered Django did not properly filter the Host HTTP header
when processing certain requests. An attacker could exploit this to
generate and display arbitrary URLs to users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-django 1.4.1-2ubuntu0.1

Ubuntu 12.04 LTS:
python-django 1.3.1-4ubuntu1.3

Ubuntu 11.10:
python-django 1.3-2ubuntu1.4

Ubuntu 10.04 LTS:
python-django 1.1.1-2ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1632-1
CVE-2012-4520

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1.4.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/1.3-2ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.6





--------------enig04229004D67A911AF6398078
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQpay/AAoJEFHb3FjMVZVzIVMP/21w+eQq0iT/bHBsK+xChyHV
qDKjf40tbPeFpT/zd6dqSahnh9PBRQTBka0l+1rN659SUY/jPNnJEcoDc2X6byln
6RHcs6OnSipboKc6esERpj8A7wbbMk4sg7a+SV/Yj2EwG6Pwk1m/ttwQ397gEAm8
fMI5tLuDkA1dITfWF0+ADGLfyXQ2YHP/IERZK3dOoPusv/8b1Ht7YCOo0RHRrksP
XcsRQXxNAgu78TPvYolMVAJcTKPHbLGs4BKm5+0m3MRtV2Chg5ib1itaQhfN+nX5
OGzkvDI3upaRJkM1nT7kO6KH+7gBvThFAoAl/5HmXNjG28/bodCGs5KtqGlmJmxi
g0IjwBGc5iabQcEca4EvCkTbqpYcGz1dyHM0Xepp7TytzCh9RymiUbQtisk1RTib
Dhqo4yVqGMMxXmgBn1WTYWYmj20OhNeN2sSzOKIrR/x5drlpAXr8f9klxaw0zPX3
MV3F4wmXGbFPbn6XFfnFyB7ihle2Y+mY4t/gWPbipu8gK+xLdzh54XMdZ4u3zt9n
2zJvzue6MpTVm+5c6FCBKqM3x+2hIjUI9eb9tUoNcMgAOzgTcq6hPetAoIv54kGR
8WCkpDyDHsFm9djxBPDCmDZILG3thVXu3aKd2qddAWG5XWhAqqIgvkJAYksx9cV9
Juet9qSMGwDcNp5VjCCN
=WoYE
-----END PGP SIGNATURE-----

--------------enig04229004D67A911AF6398078--


--===============5475587067864760351==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5475587067864760351==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung