Ubuntu 1004-1: Django vulnerability

    Date: 13 Oct 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-1004-1           October 13, 2010
    python-django vulnerability
    CVE-2010-3082
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.10:
      python-django                   1.2.3-1ubuntu0.1
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    It was discovered that Django did not properly sanitize the cookie value
    when applying CSRF protections resulting in a cross-site scripting (XSS)
    vulnerability. With cross-site scripting vulnerabilities, if a user were
    tricked into viewing server output during a crafted server request, a
    remote attacker could exploit this to modify the contents, or steal
    confidential data, within the same domain.
    
    
    Updated packages for Ubuntu 10.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-django/python-django_1.2.3-1ubuntu0.1.debian.tar.gz
          Size/MD5:    18499 2e8c4c95d6d40cce184131f1001a01a2
        http://security.ubuntu.com/ubuntu/pool/main/p/python-django/python-django_1.2.3-1ubuntu0.1.dsc
          Size/MD5:     2249 a5cb861587d952430ae73da49a9680cf
        http://security.ubuntu.com/ubuntu/pool/main/p/python-django/python-django_1.2.3.orig.tar.gz
          Size/MD5:  6306760 10bfb5831bcb4d3b1e6298d0e41d6603
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-django/python-django-doc_1.2.3-1ubuntu0.1_all.deb
          Size/MD5:  1905856 5f3ed62933c8f4970101ead2d57d7d4f
        http://security.ubuntu.com/ubuntu/pool/main/p/python-django/python-django_1.2.3-1ubuntu0.1_all.deb
          Size/MD5:  4212250 8c85dcb4ab4d9701cd546e2e119ae4e3
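
The flaw class the advisory describes (a CSRF cookie value echoed into page markup without sanitizing it), shown as an added example that is not Django's source code and not part of the advisory. The function names, the 32-character token pattern and the sample cookie values are assumptions constructed for illustration; the example contrasts the unescaped rendering with output escaping and input validation.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical model of the bug class; none of this is Django's source code.
FIELD = "<input type='hidden' name='csrfmiddlewaretoken' value='%s' />"
TOKEN_RE = re.compile(r"[A-Za-z0-9]{32}")  # assumed token shape


def render_unsafe(cookie_value):
    """Before: the CSRF cookie is trusted and interpolated verbatim."""
    return FIELD % cookie_value


def render_escaped(cookie_value):
    """After, output side: escape <, >, & and both quote characters."""
    return FIELD % html.escape(cookie_value, quote=True)


def accept_token(cookie_value):
    """After, input side: return the token only if well formed, else None
    so the caller can issue a fresh one instead of echoing the cookie."""
    if cookie_value and TOKEN_RE.fullmatch(cookie_value):
        return cookie_value
    return None


class _Tags(HTMLParser):
    """Collects every start tag and its decoded attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def is_single_field(markup, cookie_value):
    """True only if the markup parses as exactly one hidden input whose
    value attribute decodes back to the original cookie value."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    expected = {"type": "hidden", "name": "csrfmiddlewaretoken",
                "value": cookie_value}
    return parser.tags == [("input", expected)]


# Constructed sample cookie values (not taken from the advisory).
GOOD = "0123456789abcdef0123456789abcdef"
CRAFTED = "x'><b>injected</b>"
```

`is_single_field` doubles as a regression check: any rendering path that lets a cookie value add tags or attributes fails it.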