Mandriva Linux Security Advisory : python-django (MDVSA-2008:185)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

A cross-site request forgery vulnerability was discovered in Django
that, if exploited, could be used to perform unrequested deletion or
modification of data. Updated versions of Django will now discard
posts from users whose sessions have expired, so data will need to be
re-entered in these cases (CVE-2008-3909).

The versions of Django shipping with Mandriva Linux have been updated
to the latest patched versions that include the fix for this issue. In
addition, they provide other bug fixes.

See also :

http://www.djangoproject.com/weblog/2008/sep/02/security/

Solution :

Update the affected python-django package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37030 (mandriva_MDVSA-2008-185.nasl)

Bugtraq ID:

CVE ID: CVE-2008-3909

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now