RedHat: RHSA-2020-1324:01 Moderate: python-django security update

    Date 06 Apr 2020
    262
    Posted By LinuxSecurity Advisories
    An update for python-django is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: python-django security update
    Advisory ID:       RHSA-2020:1324-01
    Product:           Red Hat OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1324
    Issue date:        2020-04-06
    CVE Names:         CVE-2019-12781 CVE-2019-14232 CVE-2019-14233 
                       CVE-2019-14234 CVE-2019-14235 
    =====================================================================
    
    1. Summary:
    
    An update for python-django is now available for Red Hat OpenStack Platform
    15 (Stein).
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 15.0 - noarch
    
    3. Description:
    
    Django is a high-level Python Web framework that encourages rapid
    development and a clean, pragmatic design. It focuses on automating as much
    as possible and adhering to the DRY (Don't Repeat Yourself) principle.
    
    Security Fix(es):
    
    * Incorrect HTTP detection with reverse-proxy connecting via HTTPS
    (CVE-2019-12781)
    
    * backtracking in a regular expression in django.utils.text.Truncator leads
    to DoS (CVE-2019-14232)
    
    * the behavior of the underlying HTMLParser leading to DoS (CVE-2019-14233)
    
    * SQL injection possibility in key and index lookups for
    JSONField/HStoreField (CVE-2019-14234)
    
    * Potential memory exhaustion in django.utils.encoding.uri_to_iri()
    (CVE-2019-14235)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
    1734405 - CVE-2019-14232 Django: backtracking in a regular expression in django.utils.text.Truncator leads to DoS
    1734410 - CVE-2019-14233 Django: the behavior of the underlying HTMLParser leading to DoS
    1734417 - CVE-2019-14234 Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
    1734422 - CVE-2019-14235 Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
    
    6. Package List:
    
    Red Hat OpenStack Platform 15.0:
    
    Source:
    python-django-2.1.11-1.el8ost.src.rpm
    
    noarch:
    python-django-bash-completion-2.1.11-1.el8ost.noarch.rpm
    python3-django-2.1.11-1.el8ost.noarch.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-12781
    https://access.redhat.com/security/cve/CVE-2019-14232
    https://access.redhat.com/security/cve/CVE-2019-14233
    https://access.redhat.com/security/cve/CVE-2019-14234
    https://access.redhat.com/security/cve/CVE-2019-14235
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXorwDtzjgjWX9erEAQiGaxAAhyAVlV08zN6z2zY/Wb+V84AAqRoVDsq2
    Vf8qpt15F+e4hkBNGZVin3hEuMfdVaO6hNJFTAIY+JB3c46uta6zhDWUfOq4cgxx
    pROB1LqHzqfkm8B1F05hCdqThLlKtqLoX1qOVJt4ewnzubPjHaPGby8vEKGeVa+M
    +Z9eE5j6c6WgC+IjLG9aSrMcY7edbwXKIM4akncxQQ974LTdH4tU15NEE9Uadrs8
    qceA3Upn7WJzcfFioQ0PywrAo5whNj1bfWPL7BQux2wNGQpJZvmgcbCwDnhoiDIN
    cmTRVVlsG1jzALxTcTuo0B2lUQVrpG0bYPHAx7dCBrGCxUYF25B7mQAdEmkNOSHe
    Zdv50AXnoTUuIT7XeDxPss/jc1oUM78aZO1Z7YuFROxKU+vLndxVdBP0C6T+K8E1
    k+/jO/wwixxrN8UIkizWsvHDgIrhRoLxWJOtEGN3M6UUB/V43Xn8og0dgZ9opC0c
    tu+aXVIwbkNYwyW46BqiNTYpkfaI0gAadkdU/hF+wnjpqvjp8mEXKbCISEx9tnHY
    lzk7t/FzYD1M28eUp2OvWgDJ+US+24U3hkzidOB8CTMyNDWMrPZy1eLUwuig7Q4P
    FfJeh8UyN4BYXO1fVRDyxk1kwKPWR7QSrIUkxtEtPZN66xj9183PBTVmxbhkpFk0
    7Mz/U5XuRCQ=
    =+Ne7
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"94","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.25,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.08,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.