You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa python-Django

Sigurnosni nedostatak programskog paketa python-Django

openSUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2488-1
Rating: moderate
References: #1102680
Cross-References: CVE-2018-14574
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Django to version 2.08 fixes the following issues:

The following security vulnerability was fixed:

– CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware
(boo#1102680)

The following other bugs were fixed:

– Fixed a regression in Django 2.0.7 that broke the regex lookup on MariaDB
– Fixed a regression where django.template.Template crashed if the
template_string argument is lazy
– Fixed __regex and __iregex lookups with MySQL
– Fixed admin check crash when using a query expression in
ModelAdmin.ordering
– Fixed admin changelist crash when using a query expression without asc()
or desc() in the page’s ordering
– Fixed a regression that broke custom template filters that use decorators
– Fixed detection of custom URL converters in included pattern
– Fixed a regression that added an unnecessary subquery to the GROUP BY
clause
on MySQL when using a RawSQL annotation
– Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
– Fixed a regression in Django 1.10 that could result in large memory
usage when making edits using ModelAdmin.list_editable
– Corrected the import paths that inspectdb generates for
django.contrib.postgres fields
– Fixed crashes in django.contrib.admindocs when a view is a callable
object, such as django.contrib.syndication.views.Feed
– Fixed a regression in Django 1.11.12 where QuerySet.values() or
values_list() after combining an annotated and unannotated queryset with
union(), difference(), or intersection() crashed due to mismatching
columns

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-914=1

Package List:

– openSUSE Leap 15.0 (noarch):

python3-Django-2.0.8-lp150.2.3.1

References:

https://www.suse.com/security/cve/CVE-2018-14574.html
https://bugzilla.suse.com/1102680


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libXcursor

Otkriven je sigurnosni nedostaci programske biblioteke libXcursor za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja ili...

Close