Debian DSA-2529-1 : python-django - several vulnerabilities

NASLDB: Debian DSA-2529-1 : python-django - several vulnerabilities

General

ID: 61538
Name: Debian DSA-2529-1 : python-django – several vulnerabilities

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Jeroen Dekkers and others reported several vulnerabilities in Django,
a Python Web framework. The Common Vulnerabilities and Exposures
project defines the following issues :

– CVE-2012-3442
Two functions do not validate the scheme of a redirect
target, which might allow remote attackers to conduct
cross-site scripting (XSS) attacks via a data: URL.

– CVE-2012-3443
The ImageField class completely decompresses image data
during image validation, which allows remote attackers
to cause a denial of service (memory consumption) by
uploading an image file.

– CVE-2012-3444
The get_image_dimensions function in the image-handling
functionality uses a constant chunk size in all attempts
to determine dimensions, which allows remote attackers
to cause a denial of service (process or thread
consumption) via a large TIFF image.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3442
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/08/14
Plugin Release: 2012/08/15

Plugin

Version: 1.1
Filename: debian_DSA-2529.nasl
Filesize: 3908 bytes
MD5 Hash: e6db9654aa764d09543d9027f80b2240

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG