Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2019-0086)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2019.0086

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2019-0086)

Resumen: The remote host is missing an update for the 'python-django' package(s) announced via the MGASA-2019-0086 advisory.

Descripción: Summary:
The remote host is missing an update for the 'python-django' package(s) announced via the MGASA-2019-0086 advisory.

Vulnerability Insight:
If django.utils.numberformat.format() -- used by contrib.admin as well as
the floatformat, filesizeformat, and intcomma templates filters -- received
a Decimal with a large number of digits or a large exponent, it could lead
to significant memory usage due to a call to '{:f}'.format()
(CVE-2019-6975).

Affected Software/OS:
'python-django' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-6975
BugTraq ID: 106964
http://www.securityfocus.com/bid/106964
Bugtraq: 20190708 [SECURITY] [DSA 4476-1] python-django security update (Google Search)
https://seclists.org/bugtraq/2019/Jul/10
Debian Security Information: DSA-4476 (Google Search)
https://www.debian.org/security/2019/dsa-4476
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/
https://docs.djangoproject.com/en/dev/releases/security/
https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ
https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
https://www.openwall.com/lists/oss-security/2019/02/11/1
https://usn.ubuntu.com/3890-1/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0086
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0086)
Resumen:	The remote host is missing an update for the 'python-django' package(s) announced via the MGASA-2019-0086 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python-django' package(s) announced via the MGASA-2019-0086 advisory. Vulnerability Insight: If django.utils.numberformat.format() -- used by contrib.admin as well as the floatformat, filesizeformat, and intcomma templates filters -- received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format() (CVE-2019-6975). Affected Software/OS: 'python-django' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-6975 BugTraq ID: 106964 http://www.securityfocus.com/bid/106964 Bugtraq: 20190708 [SECURITY] [DSA 4476-1] python-django security update (Google Search) https://seclists.org/bugtraq/2019/Jul/10 Debian Security Information: DSA-4476 (Google Search) https://www.debian.org/security/2019/dsa-4476 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/ https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/forum/#!topic/django-announce/WTwEAprR0IQ https://www.djangoproject.com/weblog/2019/feb/11/security-releases/ https://www.openwall.com/lists/oss-security/2019/02/11/1 https://usn.ubuntu.com/3890-1/
Copyright	Copyright (C) 2022 Greenbone AG