Ubuntu Local Security Checks : Ubuntu Update for python-django USN-2212-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.841823

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for python-django USN-2212-1

Resumen: The remote host is missing an update for the 'python-django'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'python-django'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Stephen Stewart, Michael Nelson, Natalia Bidart and James
Westby discovered that Django improperly removed Vary and Cache-Control
headers from HTTP responses when replying to a request from an Internet
Explorer or Chrome Frame client. An attacker may use this to retrieve private
data or poison caches. This update removes workarounds for bugs in Internet
Explorer 6 and 7. (CVE-2014-1418)

Peter Kuma and Gavin Wahl discovered that Django did not correctly
validate some malformed URLs, which are accepted by some browsers. An
attacker may use this to cause unexpected redirects. An update has been
provided for 12.04 LTS, 12.10, 13.10, and 14.04 LTS this issue remains
unfixed for 10.04 LTS as no 'is_safe_url()' functionality existed in
this version.

Affected Software/OS:
python-django on Ubuntu 14.04 LTS,
Ubuntu 13.10,
Ubuntu 12.10,
Ubuntu 12.04 LTS,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-1418
Debian Security Information: DSA-2934 (Google Search)
http://www.debian.org/security/2014/dsa-2934
http://www.openwall.com/lists/oss-security/2014/05/14/10
http://www.openwall.com/lists/oss-security/2014/05/15/3
http://secunia.com/advisories/61281
SuSE Security Announcement: openSUSE-SU-2014:1132 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
http://ubuntu.com/usn/usn-2212-1

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.841823
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for python-django USN-2212-1
Resumen:	The remote host is missing an update for the 'python-django'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-django' package(s) announced via the referenced advisory. Vulnerability Insight: Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in Internet Explorer 6 and 7. (CVE-2014-1418) Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers. An attacker may use this to cause unexpected redirects. An update has been provided for 12.04 LTS, 12.10, 13.10, and 14.04 LTS this issue remains unfixed for 10.04 LTS as no 'is_safe_url()' functionality existed in this version. Affected Software/OS: python-django on Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1418 Debian Security Information: DSA-2934 (Google Search) http://www.debian.org/security/2014/dsa-2934 http://www.openwall.com/lists/oss-security/2014/05/14/10 http://www.openwall.com/lists/oss-security/2014/05/15/3 http://secunia.com/advisories/61281 SuSE Security Announcement: openSUSE-SU-2014:1132 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://ubuntu.com/usn/usn-2212-1
Copyright	Copyright (C) 2014 Greenbone Networks GmbH