openSUSE-SU-2013:1203-1: moderate: python-django to 1.4.5

16 Jul 2013

      openSUSE Security Update: python-django to 1.4.5
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1203-1
Rating:             moderate
References:         #787521 #807175 
Cross-References:   CVE-2012-4520 CVE-2013-0305 CVE-2013-0306
                    CVE-2013-1665
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   python-django was updated to 1.4.5 to fix various security
   issues and bugs.

   Update to 1.4.5:
   - Security release.
   - Fix bnc#807175 / bnc#787521 / CVE-2012-4520 /
   CVE-2013-0305 / CVE-2013-0306 and CVE-2013-1665.

   - Update to 1.4.3:
   - Security release:
   - Host header poisoning
   - Redirect poisoning
   - Please check release notes for details:
   https://www.djangoproject.com/weblog/2012/dec/10/security

   - Add a symlink from /usr/bin/django-admin.py to
   /usr/bin/django-admin

   - Update to 1.4.2:
   - Security release:
   - Host header poisoning
   - Please check release notes for details:
   https://www.djangoproject.com/weblog/2012/oct/17/security

   - Update to 1.4.1:
   - Security release:
   - Cross-site scripting in authentication views
   - Denial-of-service in image validation
   - Denial-of-service via get_image_dimensions()
   - Please check release notes for details:
   https://www.djangoproject.com/weblog/2012/jul/30/security-re
   leases-issued

   - Add patch to support CSRF_COOKIE_HTTPONLY config

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-589

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-589

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (noarch):

      python-django-1.4.5-2.4.1

   - openSUSE 12.2 (noarch):

      python-django-1.4.5-2.4.1

References:

   http://support.novell.com/security/cve/CVE-2012-4520.html
   http://support.novell.com/security/cve/CVE-2013-0305.html
   http://support.novell.com/security/cve/CVE-2013-0306.html
   http://support.novell.com/security/cve/CVE-2013-1665.html
   https://bugzilla.novell.com/787521
   https://bugzilla.novell.com/807175

openSUSE-SU-2013:1203-1: moderate: python-django to 1.4.5

opensuse-security＠opensuse.org