(RHSA-2015:1678) Moderate: python-django security update

2015-08-2400:00:00

access.redhat.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.135 Low

EPSS

Percentile

95.6%

JSON

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don’t Repeat Yourself)
principle.

A flaw was found in the Django session backends whereby an
unauthenticated attacker could cause session records to be created in
the configured session store, leading to a Denial of Service.
(CVE-2015-5143)

Red Hat would like to thank the upstream Django project for reporting this
issue.

All python-django users are advised to upgrade to these updated
packages, which contain a backported patch to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchpython-django-bash-completion< 1.6.11-2.el7ostpython-django-bash-completion-1.6.11-2.el7ost.noarch.rpm
RedHat7noarchpython-django< 1.6.11-2.el7ostpython-django-1.6.11-2.el7ost.noarch.rpm
RedHat7noarchpython-django-doc< 1.6.11-2.el7ostpython-django-doc-1.6.11-2.el7ost.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	noarch	python-django-bash-completion	< 1.6.11-2.el7ost	python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm
RedHat	7	noarch	python-django	< 1.6.11-2.el7ost	python-django-1.6.11-2.el7ost.noarch.rpm
RedHat	7	noarch	python-django-doc	< 1.6.11-2.el7ost	python-django-doc-1.6.11-2.el7ost.noarch.rpm