Test Kennung:	1.3.6.1.4.1.25623.1.0.831334
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for python-django MDVSA-2011:031 (python-django)
Zusammenfassung:	The remote host is missing an update for the 'python-django'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-django' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in python-django: Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a combination of browser plugins and redirects, a related issue to CVE-2011-0447 (CVE-2011-0696). Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload (CVE-2011-0697). Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays (CVE-2011-0698). The updated packages have been upgraded to the 1.1.4 version which is not vulnerable to these issues. Affected Software/OS: python-django on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0447 BugTraq ID: 46291 http://www.securityfocus.com/bid/46291 Debian Security Information: DSA-2247 (Google Search) http://www.debian.org/security/2011/dsa-2247 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain http://www.securitytracker.com/id?1025060 http://secunia.com/advisories/43274 http://secunia.com/advisories/43666 http://www.vupen.com/english/advisories/2011/0587 http://www.vupen.com/english/advisories/2011/0877 Common Vulnerability Exposure (CVE) ID: CVE-2011-0696 BugTraq ID: 46296 http://www.securityfocus.com/bid/46296 Debian Security Information: DSA-2163 (Google Search) http://www.debian.org/security/2011/dsa-2163 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:031 http://openwall.com/lists/oss-security/2011/02/09/6 http://secunia.com/advisories/43230 http://secunia.com/advisories/43297 http://secunia.com/advisories/43382 http://secunia.com/advisories/43426 http://www.ubuntu.com/usn/USN-1066-1 http://www.vupen.com/english/advisories/2011/0372 http://www.vupen.com/english/advisories/2011/0388 http://www.vupen.com/english/advisories/2011/0429 http://www.vupen.com/english/advisories/2011/0439 http://www.vupen.com/english/advisories/2011/0441 Common Vulnerability Exposure (CVE) ID: CVE-2011-0697 Common Vulnerability Exposure (CVE) ID: CVE-2011-0698
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.