
python-django: two vulnerabilities

Package(s): python-django
CVE #(s): CVE-2016-9013, CVE-2016-9014
Created: November 2, 2016
Updated: November 21, 2016
Description: From the Ubuntu advisory:

Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. (CVE-2016-9013)

Aymeric Augustin discovered that Django incorrectly validated hosts when being run with the debug setting enabled. A remote attacker could possibly use this issue to perform DNS rebinding attacks. (CVE-2016-9014)

Alerts:
Arch Linux ASA-201611-14 python2-django 2016-11-16
Arch Linux ASA-201611-15 python-django 2016-11-16
Fedora FEDORA-2016-3eb5a55123 python-django 2016-11-14
Mageia MGASA-2016-0368 python-django 2016-11-06
Ubuntu USN-3115-1 python-django 2016-11-01
Fedora FEDORA-2016-d4571bf555 python-django 2016-11-19



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds