Advisories » MGASA-2017-0106

Updated python-django packages fix security vulnerability

Publication date: 14 Apr 2017
Modification date: 11 Apr 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-7233, CVE-2017-7234

Description

It was discovered that Django incorrectly handled numeric redirect URLs. A
remote attacker could possibly use this issue to perform XSS attacks, and
to use a Django server as an open redirect. (CVE-2017-7233)

Phithon Gong discovered that Django incorrectly handled certain URLs when
the django.views.static.serve() view is being used. A remote attacker could
possibly use a Django server as an open redirect. (CVE-2017-7234)

References

SRPMS

5/core