Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

Moderate Advisory for RHSA-2015:1678-01 on Python-Django DoS Issues

red hat
Calendar Grey August 24, 2015
Dist Redhat Esm H88
Essential security patch released for python-django components; vital for Red Hat Enterprise Linux OpenStack administration.
Updated python-django packages that fix a security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Summary

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
A flaw was found in the Django session backends whereby an unauthenticated attacker could cause session records to be created in the configured session store, leading to a Denial of Service. (CVE-2015-5143)
Red Hat would like to thank the upstream Django project for reporting this issue.
All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

References

https://access.redhat.com/security/cve/CVE-2015-5143 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:
Source: python-django-1.6.11-2.el7ost.src.rpm
noarch: python-django-1.6.11-2.el7ost.noarch.rpm python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm python-django-doc-1.6.11-2.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Advisory ID: RHSA-2015:1678-01
Product: Red Hat Enterprise Linux OpenStack Platform
Issue date: 2015-08-24

Topic

Updated python-django packages that fix a security issue are nowavailable for Red Hat Enterprise Linux OpenStack Platform 6.Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

Bugs Fixed

1239010 - CVE-2015-5143 Django: possible DoS by filling session store

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.