Ubuntu Security Notice 1757-1 - James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update also adds a new ALLOWED_HOSTS setting that can be set to a list of acceptable values for headers. Orange Tsai discovered that Django incorrectly performed permission checks when displaying the history view in the admin interface. An administrator could use this flaw to view the history of any object, regardless of intended permissions. Various other issues were also addressed.
02719f42729583dd3407a3d30c2eedacc1f12b2e9836c0ea0740e3d9ef6cf3adCorel Quattro Pro version X6 Standard Edition suffers from a NULL pointer dereference vulnerability.
2175709f7a6a472e1af99f68d9a7e4070f1f9f784793aab30da9105ac0d83ee5Corel WordPerfect version X6 Standard Edition suffers from an untrusted pointer dereference vulnerability.
8832b3303002c58c42ba8a6647668b520210078b09fd600c76f27e5f6abdb855MLS Property Finder suffers from an improper access control vulnerability. Note that this finding houses site-specific data.
bfe705a9600eec5c7967a56b122c9365f0981b9776ce2992d7d4575f6eaaa5bdYour Own Classifieds suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
e786093e3303c069a9fedd85ac436abf93cbe3ccc5bf77ce4365711adb19c1e0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed