Advisories » MGASA-2015-0327

Updated python-django and python-django14 packages fix security vulnerabilities

Publication date: 27 Aug 2015
Modification date: 27 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5963 , CVE-2015-5964

Description

Lin Hua Cheng discovered that Django incorrectly handled the session store.
A remote attacker could use this issue to cause the session store to fill
up, resulting in a denial of service.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16607
• https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
• http://www.ubuntu.com/usn/usn-2720-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5963
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5964

SRPMS

5/core

• python-django-1.8.4-1.mga5

4/core

• python-django14-1.4.22-1.mga4