Ubuntu Update For Python-django USN-2347-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. (CVE-2014-0480) David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service. (CVE-2014-0481) David Greisen discovered that Django incorrectly handled certain headers in contrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user could use this issue to hijack web sessions. (CVE-2014-0482) Collin Anderson discovered that Django incorrectly checked if a field represented a relationship between models in the administrative interface. A remote authenticated user could use this issue to possibly obtain sensitive information. (CVE-2014-0483)

Affected

python-django on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002660.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for python-django USN-2347-1

Take action and discover your vulnerabilities