Test ID:	1.3.6.1.4.1.25623.1.0.61552
Category:	Fedora Local Security Checks
Title:	Fedora Core 9 FEDORA-2008-7672 (Django)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to Django announced via advisory FEDORA-2008-7672. Update Information: Update to upstream version 0.96.3 that fixes cross-site request forgery (CSRF) issue that may occur after user re-authentication after expiration of current session: http://www.djangoproject.com/weblog/2008/sep/02/security/ This issue also affected deployments with Django's bundled CSRF-protection module activated. ChangeLog: * Tue Sep 2 2008 Michel Salim - 0.96.3-1 - CSRF security update: bz#460966 * Mon May 19 2008 Michel Salim - 0.96.2-1 - XSS security update: CVE-2008-2302 (bz# 442757-60) References: [ 1 ] Bug #460966 - Django 0.96.3 Security fix released https://bugzilla.redhat.com/show_bug.cgi?id=460966 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update Django' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-7672 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2302 BugTraq ID: 29209 http://www.securityfocus.com/bid/29209 http://securitytracker.com/id?1020028 http://secunia.com/advisories/30250 http://secunia.com/advisories/30291 http://www.vupen.com/english/advisories/2008/1618 XForce ISS Database: django-loginform-xss(42396) https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.