GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Dec 14, 2014 2:26 am Post subject: [ GLSA 201412-22 ] Django: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Django: Multiple vulnerabilities (GLSA 201412-22)
Severity: normal
Exploitable: remote
Date: December 13, 2014
Bug(s): #521324
ID: 201412-22
Synopsis
Multiple vulnerabilities have been found in Django, the worst of
which may lead to Denial of Service.
Background
Django is a Python-based web framework.
Affected Packages
Package: dev-python/django
Vulnerable: < 1.6.7
Unaffected: >= 1.6.7
Unaffected: >= 1.5.10 < 1.5.11
Unaffected: >= 1.4.15 < 1.4.16
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Django. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to create a Denial of Service condition,
obtain sensitive information, or hijack web sessions.
Workaround
There is no known workaround at this time.
Resolution
All Django 1.6 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-1.6.7"
All Django 1.5 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-1.5.10"
All Django 1.4 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/django-1.4.15"
References
CVE-2014-0480
CVE-2014-0481
CVE-2014-0482
CVE-2014-0483