drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Redirect auf beliebige Seite in python-django
Name: |
Redirect auf beliebige Seite in python-django |
|
ID: |
DSA-4264-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
So, 5. August 2018, 13:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574 |
|
Applikationen: |
Django |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4264-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 05, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : python-django CVE ID : CVE-2018-14574
Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
For the stable distribution (stretch), this problem has been fixed in version 1:1.10.7-2+deb9u2.
We recommend that you upgrade your python-django packages.
For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-django
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltmzGgACgkQEMKTtsN8 TjbRCg/9EEHC2y1WWDUSFXX4Jr0oGnedUOAHzLf5IKPjTxpzidvvt+2GegujQAC8 OJ4x/VgcGaaxKdunLWlaQDYBzET8IVZsdU6WC2byFe/KqNp8aEox/xQYsR4UhEi/ pEWcJaufWCaNh0pV53P/iCRDxxPkc3YXb34HlUNofFy38eOgCAjf+AhtuqlcLUZS w6Ve3Z/YqxaXvWq1GC5miSghnkTVje1irp7P2AejN1wcVLw1Qm3RvdOW9kqauH7K c38vqRDFM1Erp4qFSPO+vby8XRHrd8AmNfDgOfhJ3oKJUDLM5gAbJEbOUrTFm5nT 2PZ21hjV0UxQR2y6KMQGVm2J1+tOCdLAifuMn8iIHroSTJ+aRm4S9s1P9VmB3sbE +Nb6UncqF9juoyKNey1k2d1x3eEesuYWRciSkTlPEqMdf+dNlYvxMxRToBKAR392 5zi2FXB8jhxUxqrZtfLo0Pl2Y576J/Zx9Y/VRZoO6s41P0bYpzfubYZ9c6VX6cv+ QtCOe6qTgKES+OQAkF+sE0Mcy6VJ9vybpPXSN5KnKS+KOq/8qfQHJnKOvgZUyqN3 otlv6517B9REKGp/Uqw7fco+ojMDmMKAPhQLqGtU9oYWpiTjnQXfGL0tNEQJarH0 WtC67LYOKQ/ag49ckL4XssHn0vABITsVqbUTvRYeb+IttbZivOk= =5lk8 -----END PGP SIGNATURE-----
|
|
|
|