GLSA Advocate
Posted: Thu Jun 26, 2014 11:26 pm Post subject: [ GLSA 201406-26 ] Django: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Django: Multiple vulnerabilities (GLSA 201406-26)
Severity: normal
Exploitable: remote
Date: June 26, 2014
Updated: December 03, 2014
Bug(s): #508514, #510382
ID: 201406-26
Synopsis
Multiple vulnerabilities have been found in Django, the worst of which
may allow a remote attacker to execute code.
Background
Django is a Python-based web framework.
Affected Packages
Package: dev-python/django
Vulnerable: < 1.6.5
Unaffected: >= 1.6.5
Unaffected: >= 1.5.8 < 1.5.9
Unaffected: >= 1.4.13 < 1.4.14
Unaffected: >= 1.5.10 < 1.5.11
Unaffected: >= 1.4.15 < 1.4.16
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Django. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could execute code with the privileges of the process,
modify SQL queries, or disclose sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Django 1.6 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/django-1.6.5"
All Django 1.5 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/django-1.5.8"
All Django 1.4 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/django-1.4.13"
References
CVE-2014-0472
CVE-2014-0473
CVE-2014-0474
CVE-2014-1418
Last edited by GLSA on Wed Dec 03, 2014 4:33 am; edited 1 time in total