Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1560-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442)
It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. (CVE-2012-3443)
Jeroen Dekkers discovered that Django incorrectly handled certain image dimensions. A remote attacker could use this flaw to cause the server to consume resources, leading to a denial of service. (CVE-2012-3444)
Affected
python-django on Ubuntu 12.04 LTS ,
Ubuntu 11.10 ,
Ubuntu 11.04 ,
Ubuntu 10.04 LTS
Severity
Classification
-
CVE CVE-2012-3442, CVE-2012-3443, CVE-2012-3444 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities