Vulnerabilities in the python-django15 software package

  • OS details: FED
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2014-08-28 14:40:29

Name : python-django15
Product : Fedora 20
Version : 1.5.9
Release : 1.fc20
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don’t Repeat Yourself)

Update Information:

Security fix for CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483

[ 1 ] Bug #1129950 – CVE-2014-0480 Django: reverse() can generate URLs pointing to other hosts, leading to phishing attacks
[ 2 ] Bug #1129952 – CVE-2014-0481 Django: file upload denial of service
[ 3 ] Bug #1129954 – CVE-2014-0482 Django: RemoteUserMiddleware session hijacking
[ 4 ] Bug #1129959 – CVE-2014-0483 Django: data leakage via querystring manipulation in admin

This update can be installed with the "yum" update program. Use
su -c 'yum update python-django15' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Tomislav Protega
CERT ID: NCERT-REF-2014-09-0025-ADV
CVE: CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483
Source ID: FEDORA-2014-9866