Mageia 6: MGASA-2019-0035 Severe: python-django Content Spoofing
mageia
January 11, 2019
An upstream patch has been backported to fix a security vulnerability in python-django
Summary
An upstream patch has been backported to fix a security vulnerability in
python-django. CVE-2019-3498: Content spoofing possibility in the
default 404 page
An attacker could craft a malicious URL that could make spoofed content
appear on the default page generated by the
django.views.defaults.page_not_found() view. The URL path is no longer
displayed in the default 404 template and the request_path context
variable is now quoted to fix the issue for custom templates that use
the path.
References
- https://bugs.mageia.org/show_bug.cgi?id=24128
- https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
- https://security-tracker.debian.org/tracker/CVE-2019-3498
- https://www.cve.org/CVERecord?id=CVE-2019-3498
Resolution
SRPMS
- 6/core/python-django-1.8.19-1.1.mga6
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 11 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0035.html
Type: security
CVE: CVE-2019-3498
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!