Advisories » MGASA-2016-0334

Updated python-django packages fix security vulnerability

Publication date: 04 Oct 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7401

Description

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics

An interaction between Google Analytics and Django's cookie parsing could
allow an attacker to set arbitrary cookies leading to a bypass of CSRF
protection.
                

References

SRPMS

5/core