GLSA-201510-06 : Django: Multiple vulnerabilities

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201510-06
(Django: Multiple vulnerabilities)

Multiple vulnerabilities have been found in Django:
Session backends create a new record anytime request.session was
accessed (CVE-2015-5143)
Built-in validators in Django do not properly sanitize input
(CVE-2015-5144)
URL validation included a regular expression that was extremely slow
(CVE-2015-5145)

Impact :

A remote attacker may be able cause a Denial of Service condition,
inject arbitrary headers, and conduct HTTP response splitting attacks.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201510-06

Solution :

All Django 1.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/django-1.8.3'
All Django 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/django-1.7.9'
All Django 1.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/django-1.4.21'

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 86691 ()

Bugtraq ID:

CVE ID: CVE-2015-5143
CVE-2015-5144
CVE-2015-5145

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now