
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171227",
"Version": "oval:org.altlinux.errata:def:20171227",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1227: package `python-module-django` update to version 1.8.17-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1227",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1227",
"Source": "ALTPU"
},
{
"RefID": "CVE-2016-9013",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9013",
"Source": "CVE"
},
{
"RefID": "CVE-2016-9014",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-9014",
"Source": "CVE"
}
],
"Description": "This update upgrades python-module-django to version 1.8.17-alt1. \nSecurity Fix(es):\n\n * CVE-2016-9013: Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.\n\n * CVE-2016-9014: Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-03-01"
},
"Updated": {
"Date": "2017-03-01"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2016-9013",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-798",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9013",
"Impact": "Critical",
"Public": "20161209"
},
{
"ID": "CVE-2016-9014",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-9014",
"Impact": "High",
"Public": "20161209"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171227001",
"Comment": "python-module-django is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227002",
"Comment": "python-module-django-dbbackend-mysql is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227003",
"Comment": "python-module-django-dbbackend-psycopg2 is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227004",
"Comment": "python-module-django-dbbackend-sqlite3 is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227005",
"Comment": "python-module-django-doc is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227006",
"Comment": "python-module-django-tests is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227007",
"Comment": "python3-module-django is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227008",
"Comment": "python3-module-django-dbbackend-mysql is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227009",
"Comment": "python3-module-django-dbbackend-psycopg2 is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227010",
"Comment": "python3-module-django-dbbackend-sqlite3 is earlier than 0:1.8.17-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171227011",
"Comment": "python3-module-django-tests is earlier than 0:1.8.17-alt1"
}
]
}
]
}
}
]
}