Ubuntu 1004-1: Django vulnerability
Summary
Update Instructions
References
Package Information
==========================================================Ubuntu Security Notice USN-1004-1 October 13, 2010 python-django vulnerability CVE-2010-3082 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.10: python-django 1.2.3-1ubuntu0.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Updated packages for Ubuntu 10.10: Source archives: Size/MD5: 18499 2e8c4c95d6d40cce184131f1001a01a2 Size/MD5: 2249 a5cb861587d952430ae73da49a9680cf Size/MD5: 6306760 10bfb5831bcb4d3b1e6298d0e41d6603 Architecture independent packages: Size/MD5: 1905856 5f3ed62933c8f4970101ead2d57d7d4f Size/MD5: 4212250 8c85dcb4ab4d9701cd546e2e119ae4e3