Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework: CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session. CVE-2011-4137, CVE-2011-4138 Django's field type URLfield by default checks supplied URL's by issuing a request to it, which doesn't time out. A Denial of Service is possible by supplying specially prepared URL's that keep the connection open indefinately or fill the Django's server memory. CVE-2011-4139 Django used X-Forwarded-Host headers to construct full URL's. This header may not contain trusted input and could be used to poison the cache. CVE-2011-4140 The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests. For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-1+lenny3. For the stable distribution (squeeze), this problem has been fixed in version 1.2.3-3+squeeze2. For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.3.1-1. We recommend that you upgrade your python-django packages.
Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework:
When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session.
Django's field type URLfield by default checks supplied URL's by issuing a request to it, which doesn't time out. A Denial of Service is possible by supplying specially prepared URL's that keep the connection open indefinately or fill the Django's server memory.
Django used X-Forwarded-Host headers to construct full URL's. This header may not contain trusted input and could be used to poison the cache.
The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.
For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-1+lenny3.
For the stable distribution (squeeze), this problem has been fixed in version 1.2.3-3+squeeze2.
For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.3.1-1.
We recommend that you upgrade your python-django packages.
Vulmon