ArchLinux: 201902-14: python-django: denial of service

    Date: 12 Feb 2019
    Posted By: LinuxSecurity Advisories
    The package python-django before version 2.1.6-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-201902-14
    Severity: Medium
    Date    : 2019-02-12
    CVE-ID  : CVE-2019-6975
    Package : python-django
    Type    : denial of service
    Remote  : Yes
    Link    :
    The package python-django before version 2.1.6-1 is vulnerable to
    denial of service.
    Upgrade to 2.1.6-1.
    # pacman -Syu "python-django>=2.1.6-1"
    The problem has been fixed upstream in version 2.1.6.
    Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before
    2.1.6 allows uncontrolled memory consumption via a malicious attacker-
    supplied value to the django.utils.numberformat.format() function.
    If the affected numberformat function, used by contrib.admin as well
    as the floatformat, filesizeformat, and intcomma template filters,
    receives a Decimal with a large number of digits or a large exponent,
    it could lead to significant memory usage due to a call to
    A remote attacker can crash a target server that passes attacker-
    controlled numbers through the affected filters (or contrib.admin)
    by supplying a value with a very large exponent or a very large number
    of digits, which exhausts the server's memory while it is formatted.
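    The following is an added example, not Arch Linux's advisory text and not Django's own code. It models the hazard behind CVE-2019-6975 without triggering it: it computes how long the fixed-point '{:f}' output of a Decimal would be from the Decimal's (sign, digits, exponent) tuple, contrasts the unguarded pre-2.1.6 formatting path with a guarded one that falls back to scientific notation past a digit-count cutoff (the 200-digit threshold and all function names here are this example's own assumptions, not Django's API), and cross-checks the length estimate against real '{:f}' output on small constructed values.

```python
# Added example (not Arch Linux's or Django's code): a model of the
# CVE-2019-6975 hazard in django.utils.numberformat.format() and of the
# kind of guard that upstream added. The costly '{:f}' formatting is never
# performed on a huge value here, so the script is safe to run.
from decimal import Decimal

# Cutoff for this example (an assumption, not Django's exact threshold).
MAX_FIXED_POINT_DIGITS = 200


def fixed_point_length(number) -> int:
    """Number of characters '{:f}'.format(number) would have to allocate,
    computed from the Decimal's tuple rather than by formatting it, since
    formatting is the step that consumes the memory."""
    number = Decimal(number)
    sign, digits, exponent = number.as_tuple()
    if not isinstance(exponent, int):            # NaN / Infinity
        return len(str(number))
    if exponent >= 0:
        # Integer: every coefficient digit, then `exponent` trailing zeros.
        length = len(digits) + exponent
    else:
        # Fraction: at least one integer digit, the point, then -exponent
        # fractional digits (leading zeros are padded in as needed).
        int_digits = max(len(digits) + exponent, 1)
        length = int_digits + 1 - exponent
    return length + sign                         # leading '-' if negative


def vulnerable_format(number) -> str:
    """Pre-2.1.6 behaviour: always fixed-point, whatever the exponent.
    On Decimal('1e999999999') this would try to build a ~1 GB string."""
    return '{:f}'.format(Decimal(number))


def hardened_format(number) -> str:
    """Guarded variant: switch to scientific notation when the fixed-point
    form would be unreasonably long, so output stays a few bytes."""
    number = Decimal(number)
    _sign, digits, exponent = number.as_tuple()
    if isinstance(exponent, int) and abs(exponent) + len(digits) > MAX_FIXED_POINT_DIGITS:
        return '{:e}'.format(number)
    return '{:f}'.format(number)


def self_check() -> bool:
    """Confirm fixed_point_length() matches real '{:f}' output on small
    constructed samples, where formatting is cheap."""
    samples = ['0', '0.0', '12.5', '-0.5', '1E+3', '-1E+3', '1234567.891', '0.005']
    return all(fixed_point_length(s) == len(vulnerable_format(s)) for s in samples)


if __name__ == '__main__':
    # Constructed attacker inputs: tiny request strings, enormous '{:f}' forms.
    for raw in ('1e999999999', '1e-999999999', '12.5'):
        print(f'{raw!r}: {{:f}} would allocate {fixed_point_length(raw):,} chars; '
              f'hardened output {hardened_format(raw)!r}')
    print('self-check:', self_check())
```

The guard is the point: an eleven-character input such as `1e999999999` costs nothing to parse but demands a gigabyte of output from the fixed-point formatter, so any filter that formats attacker-controlled Decimals must bound the work before calling `'{:f}'`, not after.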