Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Debian: DSA-2529-1 Critical: Django Remote Attacks And DoS Issues

debian
Calendar Grey August 14, 2012
Scroller Debian
Explore the weaknesses present within the Django framework and understand the importance of regular security patches for Debian operating systems.
Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework

Summary

CVE-2012-3442

Two functions do not validate the scheme of a redirect target,
which might allow remote attackers to conduct cross-site scripting
(XSS) attacks via a data: URL.

CVE-2012-3443

The ImageField class completely decompresses image data during image
validation, which allows remote attackers to cause a denial of service
(memory consumption) by uploading an image file.

CVE-2012-3444

The get_image_dimensions function in the image-handling functionality
uses a constant chunk size in all attempts to determine dimensions,
which allows remote attackers to cause a denial of service (process
or thread consumption) via a large TIFF image.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.3-3+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply
these updates to your sy...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: python-django
CVE ID: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.