Ubuntu 2169-2: Django regression

    Date23 Apr 2014
    Posted ByLinuxSecurity Advisories
    USN-2169-1 introduced a regression in Django.
    Ubuntu Security Notice USN-2169-2
    April 23, 2014
    python-django regression
    A security issue affects these releases of Ubuntu and its derivatives:
    - Ubuntu 14.04 LTS
    - Ubuntu 13.10
    - Ubuntu 12.10
    - Ubuntu 12.04 LTS
    - Ubuntu 10.04 LTS
    USN-2169-1 introduced a regression in Django.
    Software Description:
    - python-django: High-level Python web development framework
    USN-2169-1 fixed vulnerabilities in Django. The upstream security patch
    for CVE-2014-0472 introduced a regression for certain applications. This
    update fixes the problem.
    Original advisory details:
     Benjamin Bach discovered that Django incorrectly handled dotted Python
     paths when using the reverse() function. An attacker could use this issue
     to cause Django to import arbitrary modules from the Python path, resulting
     in possible code execution. (CVE-2014-0472)
      Paul McMillan discovered that Django incorrectly cached certain pages that
     contained CSRF cookies. An attacker could possibly use this flaw to obtain
     a valid cookie and perform attacks which bypass the CSRF restrictions.
      Michael Koziarski discovered that Django did not always perform explicit
     conversion of certain fields when using a MySQL database. An attacker
     could possibly use this issue to obtain unexpected results. (CVE-2014-0474)
    Update instructions:
    The problem can be corrected by updating your system to the following
    package versions:
    Ubuntu 14.04 LTS:
      python-django                   1.6.1-2ubuntu0.2
    Ubuntu 13.10:
      python-django                   1.5.4-1ubuntu1.2
    Ubuntu 12.10:
      python-django                   1.4.1-2ubuntu0.6
    Ubuntu 12.04 LTS:
      python-django                   1.3.1-4ubuntu1.10
    Ubuntu 10.04 LTS:
      python-django                   1.1.1-2ubuntu1.11
    In general, a standard system update will make all the necessary changes.
    Package Information:
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"35","type":"x","order":"1","pct":92.11,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":5.26,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":2.63,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350


    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.