Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Red Hat: RHSA-2015:1686-01 Moderate: Django DoS Issue in OpenStack

red hat
Calendar Grey August 25, 2015
Dist Redhat Esm H88
New django-related packages released for Red Hat addressing a moderate security vulnerability. This update resolves an issue that could lead to denial of service in the session storage.
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store. (CVE-2015-5143)
Red Hat would like to thank the upstream Django project for reporting this issue.
All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

References

https://access.redhat.com/security/cve/CVE-2015-5143 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:
Source: python-django-1.6.11-1.el6ost.src.rpm
noarch: python-django-1.6.11-1.el6ost.noarch.rpm python-django-bash-completion-1.6.11-1.el6ost.noarch.rpm python-django-doc-1.6.11-1.el6ost.noarch.rpm
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:
Source: python-django-1.6.11-2.el7ost.src.rpm
noarch: python-django-1.6.11-2.el7ost.noarch.rpm python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm python-django-doc-1.6.11-2.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Advisory ID: RHSA-2015:1686-01
Product: Red Hat Enterprise Linux OpenStack Platform
Issue date: 2015-08-25

Topic

Updated python-django packages that fix one security issue are nowavailable for Red Hat Enterprise Linux OpenStack Platform 5.Red Hat Product Security has rated this update as having Moderate securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

Relevant Releases Architectures

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

Bugs Fixed

1239010 - CVE-2015-5143 Django: possible DoS by filling session store

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.