Novell Home

CVE-2013-1443

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1443 at MITRE

Description

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 840518, 840832

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • python-django >= 1.4.8-0.5.1
Builds
SAT Patch Nr: 8367
SUSE Cloud 2.0
  • python-django >= 1.4.8-0.8.1
Builds
SAT Patch Nr: 8368

© 2014 Novell