SUSE-SU-2013:1062-1: moderate: Security update for python-django
    sle-security-updates at lists.suse.com 
       
    Thu Jun 20 15:04:31 MDT 2013
    
    
  
   SUSE Security Update: Security update for python-django
______________________________________________________________________________
Announcement ID:    SUSE-SU-2013:1062-1
Rating:             moderate
References:         #795264 #807175 
Cross-References:   CVE-2012-4520 CVE-2013-0305 CVE-2013-0306
                    CVE-2013-1665
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________
   An update that fixes four vulnerabilities is now available.
   It includes one version update.
Description:
   python-django was updated to version 1.4.5, which fixes
   several bugs and security problems.
   * Update to 1.4.5 (bnc#807175, bnc#795264):
     o Security release (CVE-2012-4520 CVE-2013-0305
       CVE-2013-0306 CVE-2013-1665)
   * Update to 1.4.3:
     o Security release:
       o Host header poisoning
       o Redirect poisoning
     o Please check release notes for details:
       https://www.djangoproject.com/weblog/2012/dec/10/security
   * Add a symlink from /usr/bin/django-admin.py to
     /usr/bin/django-admin
   * Update to 1.4.2:
     o Security release:
       o Host header poisoning
     o Please check release notes for details:
       https://www.djangoproject.com/weblog/2012/oct/17/security
   * Update to 1.4.1:
     o Security release:
       o Cross-site scripting in authentication views
       o Denial-of-service in image validation
       o Denial-of-service via get_image_dimensions()
     o Please check release notes for details:
       https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued
   Security Issue references:
   * CVE-2012-4520
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4520>
   * CVE-2013-0305
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0305>
   * CVE-2013-0306
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0306>
   * CVE-2013-1665
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665>
Patch Instructions:
   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
   - SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-python-django-7839
   To bring your system up-to-date, use "zypper patch".
Package List:
   - SUSE Cloud 1.0 (x86_64) [New Version: 1.4.5]:
      python-django-1.4.5-0.6.2.1
References:
   http://support.novell.com/security/cve/CVE-2012-4520.html
   http://support.novell.com/security/cve/CVE-2013-0305.html
   http://support.novell.com/security/cve/CVE-2013-0306.html
   http://support.novell.com/security/cve/CVE-2013-1665.html
   https://bugzilla.novell.com/795264
   https://bugzilla.novell.com/807175
   http://download.novell.com/patch/finder/?keywords=7ea32c047895ee67361bae4515c29ef8
    
    