Ubuntu 12.04 LTS USN-2469-2 Critical: Django Regression Issue
Feb 04, 2015
•
LinuxSecurity Advisories
1 - 2 min read
USN-2469-1 caused a regression in Django.
=========================================================================Ubuntu Security Notice USN-2469-2 February 04, 2015 python-django regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: USN-2469-1 caused a regression in Django. Software Description: - python-django: High-level Python web development framework Details: USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2015-0220) Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. (CVE-2015-0221) Keryn Knight discovered that Django incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0222) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: python-django 1.3.1-4ubuntu1.15 Ubuntu 10.04 LTS: python-django 1.1.1-2ubuntu1.16 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2469-2 https://ubuntu.com/security/notices/USN-2469-1 https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1417274 Package Information: https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.15 https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.16
PREVIOUS
NEXT
Ubuntu 12.04 LTS USN-2469-2 Critical: Django Regression Issue
ubuntu
February 4, 2015
USN-2469-1 caused a regression in Django.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: python-django 1.3.1-4ubuntu1.15 Ubuntu 10.04 LTS: python-django 1.1.1-2ubuntu1.16 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2469-2
https://ubuntu.com/security/notices/USN-2469-1
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1417274
Severity
critical
Lowest
Low
Medium
High
Critical
February 04, 2015
Package Information
https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.15 https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.16
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!