Explore top 10 tips to secure your open-source projects now. Read More
×
USN-2469-1 caused a regression in Django.
Software Description:
- python-django: High-level Python web development framework
Details:
USN-2469-1 fixed vulnerabilities in Django. The security fix for
CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04
LTS when serving static content through GZipMiddleware. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments. (CVE-2015-0219)
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-0220)
Alex Gaynor discovered that Django incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
is...
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: python-django 1.3.1-4ubuntu1.15 Ubuntu 10.04 LTS: python-django 1.1.1-2ubuntu1.16 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2469-2
https://ubuntu.com/security/notices/USN-2469-1
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1417274
Get the latest Linux and open source security news straight to your inbox.