drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in Django
Name: |
Mangelnde Eingabeprüfung in Django |
|
ID: |
USN-1632-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Fr, 16. November 2012, 07:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4520 |
|
Applikationen: |
Django |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============5475587067864760351== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig04229004D67A911AF6398078"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig04229004D67A911AF6398078 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1632-1 November 15, 2012
python-django vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS
Summary:
Django could be made to expose sensitive information over the network.
Software Description: - python-django: High-level Python web development framework
Details:
James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: python-django 1.4.1-2ubuntu0.1
Ubuntu 12.04 LTS: python-django 1.3.1-4ubuntu1.3
Ubuntu 11.10: python-django 1.3-2ubuntu1.4
Ubuntu 10.04 LTS: python-django 1.1.1-2ubuntu1.6
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1632-1 CVE-2012-4520
Package Information: https://launchpad.net/ubuntu/+source/python-django/1.4.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.3 https://launchpad.net/ubuntu/+source/python-django/1.3-2ubuntu1.4 https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.6
--------------enig04229004D67A911AF6398078 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQpay/AAoJEFHb3FjMVZVzIVMP/21w+eQq0iT/bHBsK+xChyHV qDKjf40tbPeFpT/zd6dqSahnh9PBRQTBka0l+1rN659SUY/jPNnJEcoDc2X6byln 6RHcs6OnSipboKc6esERpj8A7wbbMk4sg7a+SV/Yj2EwG6Pwk1m/ttwQ397gEAm8 fMI5tLuDkA1dITfWF0+ADGLfyXQ2YHP/IERZK3dOoPusv/8b1Ht7YCOo0RHRrksP XcsRQXxNAgu78TPvYolMVAJcTKPHbLGs4BKm5+0m3MRtV2Chg5ib1itaQhfN+nX5 OGzkvDI3upaRJkM1nT7kO6KH+7gBvThFAoAl/5HmXNjG28/bodCGs5KtqGlmJmxi g0IjwBGc5iabQcEca4EvCkTbqpYcGz1dyHM0Xepp7TytzCh9RymiUbQtisk1RTib Dhqo4yVqGMMxXmgBn1WTYWYmj20OhNeN2sSzOKIrR/x5drlpAXr8f9klxaw0zPX3 MV3F4wmXGbFPbn6XFfnFyB7ihle2Y+mY4t/gWPbipu8gK+xLdzh54XMdZ4u3zt9n 2zJvzue6MpTVm+5c6FCBKqM3x+2hIjUI9eb9tUoNcMgAOzgTcq6hPetAoIv54kGR 8WCkpDyDHsFm9djxBPDCmDZILG3thVXu3aKd2qddAWG5XWhAqqIgvkJAYksx9cV9 Juet9qSMGwDcNp5VjCCN =WoYE -----END PGP SIGNATURE-----
--------------enig04229004D67A911AF6398078--
--===============5475587067864760351== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5475587067864760351==--
|
|
|
|