Applications using Django could be made to crash or expose sensitive information.
It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442)
10 September 2012
A security issue affects these releases of Ubuntu and its derivatives:
Applications using Django could be made to crash or expose sensitive information.
It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442)
It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. (CVE-2012-3443)
Jeroen Dekkers discovered that Django incorrectly handled certain image dimensions. A remote attacker could use this flaw to cause the server to consume resources, leading to a denial of service. (CVE-2012-3444)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.