[USN-1632-1] Django vulnerability
Posted on 16 November 2012
Ubuntu Security
==========================================================================
Ubuntu Security Notice USN-1632-1
November 15, 2012
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
Django could be made to expose sensitive information over the network.
Software Description:
- python-django: High-level Python web development framework
Details:
James Kettle discovered Django did not properly filter the Host HTTP header
when processing certain requests. An attacker could exploit this to
generate and display arbitrary URLs to users.
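The following example is added here and is not part of the original notice or Django's own code. It shows one way an application can check the Host header against the host names it serves before using that value to build an absolute URL; SERVED_HOSTS, HostRejected, validated_host, absolute_url, classify and the sample Host values are hypothetical names and constructed data.

```python
import re

# Hypothetical allowlist: the host names this deployment actually serves.
SERVED_HOSTS = {"shop.example.com", "www.shop.example.com"}

# host[:port] only: DNS labels plus an optional numeric port. Anything else
# ('@', '/', whitespace, control characters) fails the match.
HOST_RE = re.compile(
    r"(?P<host>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*)"
    r"(?::(?P<port>\d{1,5}))?"
)

class HostRejected(ValueError):
    """The Host header is malformed or names a site not served here."""

def validated_host(raw_host, served=SERVED_HOSTS):
    """Return the lower-cased host[:port] or raise HostRejected."""
    # fullmatch, not match with '$': '$' would tolerate a trailing newline.
    match = HOST_RE.fullmatch((raw_host or "").lower())
    if match is None or match.group("host") not in served:
        raise HostRejected("rejected Host header: %r" % (raw_host,))
    port = match.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        raise HostRejected("rejected port in Host header: %r" % (raw_host,))
    return match.group(0)

def absolute_url(raw_host, path):
    """Build an absolute URL only from a validated Host value."""
    return "https://%s%s" % (validated_host(raw_host), path)

# Constructed sample Host values, not taken from the advisory.
SAMPLES = ["shop.example.com", "Shop.Example.com:8443", "other.example",
           "shop.example.com:x@other.example", "shop.example.com/path"]

def classify(samples=SAMPLES):
    """Map each sample Host value to the URL built from it, or 'rejected'."""
    results = {}
    for value in samples:
        try:
            results[value] = absolute_url(value, "/account/reset/")
        except HostRejected:
            results[value] = "rejected"
    return results

if __name__ == "__main__":
    for host, outcome in classify().items():
        print("%-36s -> %s" % (host, outcome))
```
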
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
python-django 1.4.1-2ubuntu0.1
Ubuntu 12.04 LTS:
python-django 1.3.1-4ubuntu1.3
Ubuntu 11.10:
python-django 1.3-2ubuntu1.4
Ubuntu 10.04 LTS:
python-django 1.1.1-2ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1632-1
CVE-2012-4520
Package Information:
https://launchpad.net/ubuntu/+source/python-django/1.4.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.3
https://launchpad.net/ubuntu/+source/python-django/1.3-2ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.6