Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31631
HistoryJan 19, 2015 - 12:00 a.m.

[USN-2469-1] Django vulnerabilities

2015-01-1900:00:00
vulners.com
30
JSON

==========================================================================
Ubuntu Security Notice USN-2469-1
January 13, 2015

python-django vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:

  • python-django: High-level Python web development framework

Details:

Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments. (CVE-2015-0219)

Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-0220)

Alex Gaynor discovered that Django incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service. (CVE-2015-0221)

Keryn Knight discovered that Django incorrectly handled forms with
ModelMultipleChoiceField. A remote attacker could possibly use this issue
to cause a large number of SQL queries, resulting in a database denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-0222)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
python-django 1.6.6-1ubuntu2.1
python3-django 1.6.6-1ubuntu2.1

Ubuntu 14.04 LTS:
python-django 1.6.1-2ubuntu0.6

Ubuntu 12.04 LTS:
python-django 1.3.1-4ubuntu1.13

Ubuntu 10.04 LTS:
python-django 1.1.1-2ubuntu1.14

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2469-1
CVE-2015-0219, CVE-2015-0220, CVE-2015-0221, CVE-2015-0222

Package Information:
https://launchpad.net/ubuntu/+source/python-django/1.6.6-1ubuntu2.1
https://launchpad.net/ubuntu/+source/python-django/1.6.1-2ubuntu0.6
https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.13
https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.14

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

osv 9
nessus 12
fedora 3
debian 3
mageia 1
openvas 9
ubuntu 2
freebsd 1
securityvulns 2
debiancve 4
cve 4
github 3
prion 4
ubuntucve 4
osv
osv
python-django - security update
2015-01-29 00:00:00
python-django - security update
2015-02-03 00:00:00
PYSEC-2015-4
2015-01-16 16:59:00
nessus
nessus
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2469-1)
2015-01-14 00:00:00
Fedora 20 : python-django14-1.4.18-1.fc20 (2015-0804)
2015-01-27 00:00:00
Debian DLA-143-1 : python-django security update
2015-03-26 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: python-django-1.6.10-1.fc21
2015-01-26 02:32:42
[SECURITY] Fedora 20 Update: python-django14-1.4.18-1.fc20
2015-01-27 03:00:28
[SECURITY] Fedora 20 Update: python-django-1.6.10-1.fc20
2015-01-27 03:06:04
debian
debian
[SECURITY] [DLA 143-1] python-django security update
2015-01-29 11:15:16
[SECURITY] [DSA 3151-1] python-django security update
2015-02-03 06:08:47
[SECURITY] [DSA 3151-1] python-django security update
2015-02-03 06:08:47
mageia
mageia
Updated python-django and python-django14 packages fix security vulnerabilities
2015-01-18 01:31:08
openvas
openvas
Fedora Update for python-django FEDORA-2015-0714
2015-01-26 00:00:00
Ubuntu: Security Advisory (USN-2469-2)
2015-02-05 00:00:00
Mageia: Security Advisory (MGASA-2015-0026)
2022-01-28 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2015-01-13 00:00:00
Django regression
2015-02-04 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2015-01-13 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:036 ] python-django
2015-02-23 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-01-19 00:00:00
debiancve
debiancve
CVE-2015-0219
2015-01-16 16:59:00
CVE-2015-0220
2015-01-16 16:59:00
CVE-2015-0222
2015-01-16 16:59:00
cve
cve
CVE-2015-0219
2015-01-16 16:59:00
CVE-2015-0220
2015-01-16 16:59:00
CVE-2015-0222
2015-01-16 16:59:00
github
github
Django WSGI Header Spoofing Vulnerability
2022-05-17 03:20:54
Django Cross-site Scripting Vulnerability
2022-05-17 03:20:49
Django DoS in django.views.static.serve
2022-05-17 03:20:50
prion
prion
Design/Logic Flaw
2015-01-16 16:59:00
Cross site scripting
2015-01-16 16:59:00
Sql injection
2015-01-16 16:59:00
ubuntucve
ubuntucve
CVE-2015-0219
2015-01-13 00:00:00
CVE-2015-0220
2015-01-13 00:00:00
CVE-2015-0222
2015-01-13 00:00:00
JSON
Related for SECURITYVULNS:DOC:31631
osv9nessus12fedora3debian3mageia1openvas9ubuntu2freebsd1securityvulns2debiancve4cve4github3prion4ubuntucve4