Canonical Fixes Django Vulnerabilities for Ubuntu OSes

Users have to update the system in order to fix the problem

By on November 21st, 2012 20:31 GMT

On November 20, Canonical published details about Django vulnerabilities for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, a testsuite regression was fixed in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem.

In the previous version, Django did not properly filter the Host HTTP header when processing certain requests. An attacker could have exploited this issue to generate and display arbitrary URLs to users.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest python-django package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments