(RHSA-2015:1678) Moderate: python-django security update

2015-08-24T04:00:00
ID RHSA-2015:1678
Type redhat
Reporter RedHat
Modified 2018-03-19T16:26:58

Description

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

A flaw was found in the Django session backends whereby an unauthenticated attacker could cause session records to be created in the configured session store, leading to a Denial of Service. (CVE-2015-5143)

Red Hat would like to thank the upstream Django project for reporting this issue.

All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.