Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-4390:01 Moderate: python-django security update

    Date 28 Oct 2020
    280
    Posted By LinuxSecurity Advisories
    An update for python-django is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: python-django security update
    Advisory ID:       RHSA-2020:4390-01
    Product:           Red Hat OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4390
    Issue date:        2020-10-28
    CVE Names:         CVE-2019-12781 CVE-2019-14232 CVE-2019-14233 
                       CVE-2019-14234 CVE-2019-14235 
    =====================================================================
    
    1. Summary:
    
    An update for python-django is now available for Red Hat OpenStack Platform
    13 (Queens).
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 13.0 - noarch
    Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch
    
    3. Description:
    
    Django is a high-level Python Web framework that encourages rapid
    development and a clean, pragmatic design. It focuses on automating as much
    as possible and adhering to the DRY (Don't Repeat Yourself) principle.
    
    Security Fix(es):
    
    * Incorrect HTTP detection with reverse-proxy connecting via HTTPS
    (CVE-2019-12781)
    
    * backtracking in a regular expression in django.utils.text.Truncator leads
    to DoS (CVE-2019-14232)
    
    * the behavior of the underlying HTMLParser leading to DoS (CVE-2019-14233)
    
    * SQL injection possibility in key and index lookups for
    JSONField/HStoreField (CVE-2019-14234)
    
    * Potential memory exhaustion in django.utils.encoding.uri_to_iri()
    (CVE-2019-14235)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
    1734405 - CVE-2019-14232 Django: backtracking in a regular expression in django.utils.text.Truncator leads to DoS
    1734410 - CVE-2019-14233 Django: the behavior of the underlying HTMLParser leading to DoS
    1734417 - CVE-2019-14234 Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
    1734422 - CVE-2019-14235 Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
    
    6. Package List:
    
    Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:
    
    Source:
    python-django-1.11.27-1.el7ost.src.rpm
    
    noarch:
    python-django-bash-completion-1.11.27-1.el7ost.noarch.rpm
    python2-django-1.11.27-1.el7ost.noarch.rpm
    
    Red Hat OpenStack Platform 13.0:
    
    Source:
    python-django-1.11.27-1.el7ost.src.rpm
    
    noarch:
    python-django-bash-completion-1.11.27-1.el7ost.noarch.rpm
    python2-django-1.11.27-1.el7ost.noarch.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-12781
    https://access.redhat.com/security/cve/CVE-2019-14232
    https://access.redhat.com/security/cve/CVE-2019-14233
    https://access.redhat.com/security/cve/CVE-2019-14234
    https://access.redhat.com/security/cve/CVE-2019-14235
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBX5m7pdzjgjWX9erEAQiHUA/8C//T3mkHCVcm0h8HlFVf7PIDLAw2SXCT
    y4YCD7J9WX848OC+kzPSfWXjcP+thQ7kifQR+ilMOjeh5bBh7riuxVgYqWOZornH
    j10R6S6Po16IcQGYg+UWPPT1oIY+VAC7CcS3i6rRXrIsMlfOl+mYiAHcToiqY4Lw
    s0HFsciz4HntR6ln4iNYUa5xKK0/30mgFA7izJz7xy1ajkr0tTKw2hOXulHMkz+v
    XzlPzNAp5NcB6HVgsrqcqks+ilacyP41cJNPbMjhjnd4uik5XMx+ViQjZns7ja53
    udhhD7PPm3jWHYU+HIhTaVVZiB9/f8dkFi539IlRC5LLMXaMs2dY50/y0TXo7tCX
    78s2IKFmYJ2EHCP4J8HyzZRmiHcShJoA4fL6VhWOFtoQnHMPGLeRZnqlE5n8PtWa
    inPdAUJehkEmhPwcwsKHa9J4GqB2xxTg+utl0auKsCdl/yhBhTXAtSHrknuzVxqw
    mfvIkYJ0KUNvSSTfxhBLtKhg9acosX7yXYVlhYVdVacAQvXfKx+EF4t+tbFD2igR
    +AzoDWHtiqrBxNYoz9dsU7YNgFaZ6J48UntixMB2/kbbsK8T3iJu4tsf0coXeYLf
    w2RpsH0BaBHDYO4QwqZ2gtpXJ5SJAkOo9etj2zXq1b12vidXLzt+ej4Jj+Pr8Wy/
    p1T5/B4M9KY=
    =yuqf
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    Advisories

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":9.68,"resources":[]},{"id":"161","title":"1-5 years","votes":"5","type":"x","order":"2","pct":16.13,"resources":[]},{"id":"162","title":"6-10 years","votes":"1","type":"x","order":"3","pct":3.23,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"22","type":"x","order":"4","pct":70.97,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.