Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 23: 2016-12567 High: Flask Application Security Flaws

fedora
Calendar Grey July 23, 2015
Dist Fedora Esm H88
The latest update of Fedora's python-django version 1.8.3 resolves serious vulnerabilities involving denial of service and input validation concerns.
update to 1.8.3 fixing 3 CVE

Summary

Django is a high-level Python Web framework that encourages rapid

development and a clean, pragmatic design. It focuses on automating as

much as possible and adhering to the DRY (Don't Repeat Yourself)

principle.

Update Information:

update to 1.8.3 fixing 3 CVE

Topics%20covered

Topics Covered

security advisory update Fedora DoS Python Django

Change Log

* Thu Jul 9 2015 Matthias Runge - 1.8.3-1 - fix DoS via URL validation, CVE-2015-5145 (rhbh#1240526) - possible header injection due to validators accepting newlines in input, CVE-2015-5144 (rhbz#1239011) - possible DoS by filling session store, CVE-2015-5143 (rhbz#1239010) - update to 1.8.3 (rhbz#1241300) * Mon Jul 6 2015 Matthias Runge - 1.8.2-2 - disable failing py2 tests for now, p3 passes (rhbz#1239824) * Thu Jun 18 2015 Fedora Release Engineering - 1.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Wed May 20 2015 Matthias Runge - 1.8.2-1 - fix CVE-2015-3982 - Fixed session flushing in the cached_db backend (rhbz#1223591)

References


[ 1 ] Bug #1240526 - CVE-2015-5145 Django: DoS via incorrect URL validation https://bugzilla.redhat.com/show_bug.cgi?id=1240526 [ 2 ] Bug #1239011 - CVE-2015-5144 Django: possible header injection due to validators accepting newlines in input https://bugzilla.redhat.com/show_bug.cgi?id=1239011 [ 3 ] Bug #1239010 - CVE-2015-5143 Django: possible DoS by filling session store https://bugzilla.redhat.com/show_bug.cgi?id=1239010

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update python-django' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: python-django
Product: Fedora 22
Version: 1.8.3
Release: 1.fc22
URL: http://www.djangoproject.com/
Summary: A high-level Python Web framework

Topics%20covered

Topics Covered

security advisory update Fedora DoS Python Django

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here