SUSE-SU-2015:0694-1: moderate: Security update for python-Django

sle-security-updates at sle-security-updates at
Thu Apr 9 13:04:49 MDT 2015

   SUSE Security Update: Security update for python-Django

Announcement ID:    SUSE-SU-2015:0694-1
Rating:             moderate
References:         #923172 #923176 
Cross-References:   CVE-2015-2316 CVE-2015-2317
Affected Products:
                    SUSE Cloud 5

   An update that fixes two vulnerabilities is now available.
   It includes one version update.


   python-Django has been updated to fix two vulnerabilities:

       * URLs starting with control characters could have allowed XSS
         (cross-site-scripting) attacks via user-supplied redirect URLs
       * An infinite loop possibility could be triggered in the strip_tags()
         function, which allowed denial of service attacks (CVE-2015-2316)

   Security Issues:

       * CVE-2015-2316
       * CVE-2015-2317

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 5:

      zypper in -t patch sleclo50sp3-python-Django=10539

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 5 (x86_64) [New Version: 1.6.11]:



More information about the sle-security-updates mailing list