Ubuntu Local Security Checks : Ubuntu Update for python-django USN-1967-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.841588

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for python-django USN-1967-1

Resumen: The remote host is missing an update for the 'python-django'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'python-django'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that Django incorrectly handled large passwords. A remote
attacker could use this issue to consume resources, resulting in a denial
of service. (CVE-2013-1443)

It was discovered that Django incorrectly handled ssi templates. An
attacker could use this issue to read arbitrary files. (CVE-2013-4315)

It was discovered that the Django is_safe_url utility function did not
restrict redirects to certain schemes. An attacker could possibly use this
issue to perform a cross-site scripting attack.

Affected Software/OS:
python-django on Ubuntu 13.04,
Ubuntu 12.10,
Ubuntu 12.04 LTS,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1443
Debian Security Information: DSA-2758 (Google Search)
http://www.debian.org/security/2013/dsa-2758
http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html
SuSE Security Announcement: openSUSE-SU-2013:1541 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html
SuSE Security Announcement: openSUSE-SU-2013:1685 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4315
Debian Security Information: DSA-2755 (Google Search)
http://www.debian.org/security/2013/dsa-2755
RedHat Security Advisories: RHSA-2013:1521
http://rhn.redhat.com/errata/RHSA-2013-1521.html
http://secunia.com/advisories/54772
http://secunia.com/advisories/54828

Copyright Copyright (c) 2013 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.841588
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for python-django USN-1967-1
Resumen:	The remote host is missing an update for the 'python-django'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-django' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. (CVE-2013-1443) It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. (CVE-2013-4315) It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Affected Software/OS: python-django on Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1443 Debian Security Information: DSA-2758 (Google Search) http://www.debian.org/security/2013/dsa-2758 http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html SuSE Security Announcement: openSUSE-SU-2013:1541 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html SuSE Security Announcement: openSUSE-SU-2013:1685 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4315 Debian Security Information: DSA-2755 (Google Search) http://www.debian.org/security/2013/dsa-2755 RedHat Security Advisories: RHSA-2013:1521 http://rhn.redhat.com/errata/RHSA-2013-1521.html http://secunia.com/advisories/54772 http://secunia.com/advisories/54828
Copyright	Copyright (c) 2013 Greenbone Networks GmbH