Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.

The remote Ubuntu host is missing a security-related patch.

It was discovered that Django incorrectly validated the scheme of a
redirect target. If a user were tricked into opening a specially
crafted URL, an attacker could possibly exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2012-3442)

It was discovered that Django incorrectly handled validating certain
images. A remote attacker could use this flaw to cause the server to
consume memory, leading to a denial of service. (CVE-2012-3443)

Jeroen Dekkers discovered that Django incorrectly handled certain
image dimensions. A remote attacker could use this flaw to cause the
server to consume resources, leading to a denial of service.

Update the affected python-django package.

Risk factor : Medium
CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true