(RHSA-2016:1269) Important: python-django-horizon security update

OpenStack Dashboard (Horizon) provides administrators and users with a
graphical interface to access, provision, and automate cloud-based
resources.

Security Fix(es):

• A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image’s description), triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised (for example, user-access credentials being stolen). (CVE-2016-4428)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Beth Lancaster (Virginia Tech) and Brandon Sawyers (Virginia Tech) as the original reporters.