Revision Date: | 2018-04-18 | Version: | 1 |
Title: | Security update for python-Django (Moderate) |
Description: |
This update for python-Django fixes the following issues:
Security issues fixed:
- CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305)
- CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. (bsc#1083304)
- CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284)
- CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451)
- CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450)
- CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047)
- CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050)
- CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374)
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1001374 1008047 1008050 1031450 1031451 1056284 1083304 1083305 CVE-2016-7401 CVE-2016-9013 CVE-2016-9014 CVE-2017-12794 CVE-2017-7233 CVE-2017-7234 CVE-2018-7536 CVE-2018-7537 SUSE-SU-2018:0973-1
|
Platform(s): | SUSE OpenStack Cloud 7
| Product(s): | |
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed AND python-Django-1.8.19-3.4.1 is installed
|