Users have been advised to upgrade their systems as soon as possible

May 15, 2014 19:31 GMT

Canonical published details about a couple of Django vulnerabilities in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

The company has just released a new update for the python-django package in order to fix a couple of problems that affected all the supported Ubuntu OSes.

For example, “Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in Internet Explorer 6 and 7.”

For a more detailed description of the problems, you can see Canonical's security notification.

The flaws are fixed by upgrading your system(s) to the latest python-django packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart is not needed, but any Django-dependent applications that were running during the update must be restarted to pick up the fixed package.
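To confirm after the update and application restart that responses keep the Vary and Cache-Control headers regardless of client, the check below compares the headers returned for a baseline User-Agent with those returned for an Internet Explorer User-Agent. It is an added example, not code from Canonical or Django; the function names, User-Agent strings and sample responses are constructed for illustration.

```python
import urllib.request

# Headers the advisory says were improperly removed for IE / Chrome Frame clients.
PROTECTED = ("Vary", "Cache-Control")

# Constructed User-Agent strings (assumptions, not taken from the advisory).
BASELINE_UA = "Mozilla/5.0 (X11; Linux x86_64) header-check"
IE_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"

def normalise(headers):
    """Lower-case header names and split comma-separated values into token sets."""
    out = {}
    for name, value in headers.items():
        tokens = {t.strip().lower() for t in value.split(",") if t.strip()}
        out.setdefault(name.lower(), set()).update(tokens)
    return out

def dropped_headers(baseline, candidate):
    """Return {header: missing tokens} for protected headers that the
    candidate response lost relative to the baseline response."""
    base, cand = normalise(baseline), normalise(candidate)
    findings = {}
    for name in PROTECTED:
        missing = base.get(name.lower(), set()) - cand.get(name.lower(), set())
        if missing:
            findings[name] = sorted(missing)
    return findings

def fetch_headers(url, user_agent):
    """Fetch response headers from your own application with a given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        merged = {}
        for key, value in resp.getheaders():  # repeated headers are joined
            merged[key] = f"{merged[key]}, {value}" if key in merged else value
        return merged

# Constructed sample responses for the same URL (illustrative only).
SAMPLE_BASELINE = {"Content-Type": "text/html", "Vary": "Cookie, Accept-Language",
                   "Cache-Control": "private, max-age=0"}
SAMPLE_AFFECTED = {"Content-Type": "text/html"}  # protected headers stripped
SAMPLE_FIXED = {"content-type": "text/html", "vary": "Accept-Language, Cookie",
                "cache-control": "max-age=0, private"}

if __name__ == "__main__":
    print("affected:", dropped_headers(SAMPLE_BASELINE, SAMPLE_AFFECTED))
    print("fixed:   ", dropped_headers(SAMPLE_BASELINE, SAMPLE_FIXED))
```

Against a live deployment, pass `fetch_headers(url, BASELINE_UA)` and `fetch_headers(url, IE_UA)` for a page of your own application to `dropped_headers`; an empty result means both clients received the same protected headers.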