Security update for python-django

SUSE Security Update: Security update for python-django
Announcement ID: SUSE-SU-2013:1062-1
Rating: moderate
References: #795264 #807175
Affected Products:
  • SUSE Cloud 1.0

An update that fixes four vulnerabilities is now available. It includes one version update.

    Description:


    python-django was updated to version 1.4.5, which fixes
    several bugs and security problems.

    * Update to 1.4.5 (bnc#807175, bnc#795264):
      o Security release (CVE-2012-4520, CVE-2013-0305,
        CVE-2013-0306, CVE-2013-1665)

    * Update to 1.4.3:
      o Security release:
        o Host header poisoning
        o Redirect poisoning
      o Please check release notes for details:
        https://www.djangoproject.com/weblog/2012/dec/10/security

    * Add a symlink from /usr/bin/django-admin.py to
      /usr/bin/django-admin

    * Update to 1.4.2:
      o Security release:
        o Host header poisoning
      o Please check release notes for details:
        https://www.djangoproject.com/weblog/2012/oct/17/security

    * Update to 1.4.1:
      o Security release:
        o Cross-site scripting in authentication views
        o Denial-of-service in image validation
        o Denial-of-service via get_image_dimensions()
      o Please check release notes for details:
        https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued

    Security Issue references:

    * CVE-2012-4520
    * CVE-2013-0305
    * CVE-2013-0306
    * CVE-2013-1665

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-python-django-7839

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 1.0 (x86_64) [New Version: 1.4.5]:
      • python-django-1.4.5-0.6.2.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-4520.html
    • http://support.novell.com/security/cve/CVE-2013-0305.html
    • http://support.novell.com/security/cve/CVE-2013-0306.html
    • http://support.novell.com/security/cve/CVE-2013-1665.html
    • https://bugzilla.novell.com/795264
    • https://bugzilla.novell.com/807175
    • http://download.suse.com/patch/finder/?keywords=7ea32c047895ee67361bae4515c29ef8