Advisories » MGASA-2016-0334

Updated python-django packages fix security vulnerability

Publication date: 04 Oct 2016
Modification date: 04 Oct 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7401

Description

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics

An interaction between Google Analytics and Django's cookie parsing could
allow an attacker to set arbitrary cookies leading to a bypass of CSRF
protection.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19464
• https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401

SRPMS

5/core

• python-django-1.8.15-1.mga5