Ubuntu Security Notice 2347-1 – Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service. David Greisen discovered that Django incorrectly handled certain headers in contrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user could use this issue to hijack web sessions. Various other issues were also addressed.