Test ID: | 1.3.6.1.4.1.25623.1.1.10.2015.0127 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2015-0127) |
Summary: | The remote host is missing an update for the 'python-django, python-django14' package(s) announced via the MGASA-2015-0127 advisory. |
Description: |
Summary: The remote host is missing an update for the 'python-django, python-django14' package(s) announced via the MGASA-2015-0127 advisory.

Vulnerability Insight: Updated python-django and python-django14 packages fix security vulnerabilities:

The ModelAdmin.readonly_fields attribute in the Django admin allows displaying model fields and model attributes. While the former were correctly escaped, the latter were not. Thus untrusted content could be injected into the admin, presenting an exploitation vector for XSS attacks (CVE-2015-2241).

Django relies on user input in some cases to redirect the user to an 'on success' URL. The security checks for these redirects accepted URLs with leading control characters and so considered URLs like \x08javascript:... safe. This issue doesn't affect Django currently, however, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack as some browsers such as Google Chrome ignore control characters at the start of a URL in an anchor href (CVE-2015-2317).

Note that the CVE-2015-2241 issue does not affect python-django14 directly, but client code using it may be affected. Please see the March 9th upstream advisory for more information on this.

Affected Software/OS: 'python-django, python-django14' package(s) on Mageia 4.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2241
BugTraq ID: 73095
http://www.securityfocus.com/bid/73095
http://www.mandriva.com/security/advisories?name=MDVSA-2015:109

Common Vulnerability Exposure (CVE) ID: CVE-2015-2316
BugTraq ID: 73322
http://www.securityfocus.com/bid/73322
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html
SuSE Security Announcement: openSUSE-SU-2015:0643
http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
http://www.ubuntu.com/usn/USN-2539-1

Common Vulnerability Exposure (CVE) ID: CVE-2015-2317
BugTraq ID: 73319
http://www.securityfocus.com/bid/73319
Debian Security Information: DSA-3204
http://www.debian.org/security/2015/dsa-3204
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:195
SuSE Security Announcement: openSUSE-SU-2015:1598
http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
http://ubuntu.com/usn/usn-2539-1 |
Copyright | Copyright (C) 2022 Greenbone AG |