Packages
- python-django - High-level Python web development framework
Details
It was discovered that Django did not properly validate HTTP requests that
contain an X-Requested-With header. An attacker could exploit this
vulnerability to perform cross-site request forgery (CSRF) attacks.
(CVE-2011-0696)
It was discovered that Django did not properly sanitize its input when
performing file uploads, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2011-0697)
It was discovered that Django did not properly validate HTTP requests that
contain an X-Requested-With header. An attacker could exploit this
vulnerability to perform cross-site request forgery (CSRF) attacks.
(CVE-2011-0696)
It was discovered that Django did not properly sanitize its input when
performing file uploads, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2011-0697)
Update instructions
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 9.10 karmic | python-django – 1.1.1-1ubuntu1.2 | ||
| 10.10 maverick | python-django – 1.2.3-1ubuntu0.2.10.10.2 | ||
| 10.04 lucid | python-django – 1.1.1-2ubuntu1.3 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
Have additional questions?