Bug 1549777 (CVE-2018-7536)

Summary: CVE-2018-7536 django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: apevec, augol, bcourt, bkearney, cbillett, chrisw, jakub.dornak, jal233, jjoyce, jmatthew, jschluet, kbasil, lhh, lpeer, mariel, markmc, mburns, mhroncok, michel, mmccune, mrike, mrunge, ohadlevy, rbryant, rchan, rhos-maint, sclewis, security-response-team, sgallagh, sisharma, slinaber, slong, srevivo, ssaha, tdecacqu, tomckay, tsanders, vbellur
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20180306,reported=20180227,source=upstream,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20->CWE-400,openstack-6/python-django=wontfix,openstack-7/python-django=affected,openstack-7-optools/python-django=wontfix,openstack-8/python-django=affected,openstack-8-optools/python-django=wontfix,openstack-9/python-django=affected,openstack-9-optools/python-django=wontfix,openstack-10/python-django=affected,openstack-11/python-django=affected,openstack-12/python-django=affected,sam-1/Django=wontfix,openstack-13/python-django=affected,epel-7/python-django=affected,epel-7/python-django16=affected,fedora-all/python-django=affected,rhel-br-8/python-django=wontfix,ceph-1.3/python-django=affected,ceph-2/python-django=affected,ceph-3/python-django=affected,rhscon-2/python-django=wontfix,rhn_satellite_6/python-django=affected,rhes-3/python-django=affected
Fixed In Version: Django 2.0.3, Django 1.11.11, Django 1.8.19 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:41:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1557374, 1557395, 1549905, 1549906, 1551895, 1551896, 1551897, 1551898, 1551899, 1551900, 1551901, 1552177, 1552178, 1552179, 1552307, 1554694, 1557396    
Bug Blocks: 1549781    

Description Pedro Sampaio 2018-02-27 19:59:49 UTC
CVE-2018-7536: Denial-of-service possibility in ``urlize`` and
``urlizetrunc`` template filters
===========================================================================

The ``django.utils.html.urlize()`` function was extremely slow to evaluate
certain inputs due to catastrophic backtracking vulnerabilities in two
regular expressions (one regular expression for Django 1.8). The
``urlize()``
function is used to implement the ``urlize`` and ``urlizetrunc`` template
filters, which were thus vulnerable.

The problematic regular expressions are replaced with parsing logic that
behaves similarly.

Comment 5 Adam Mariš 2018-03-06 16:13:39 UTC
Acknowledgments:

Name: the Django project

Comment 6 Adam Mariš 2018-03-06 16:13:57 UTC
External References:

https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

Comment 7 Adam Mariš 2018-03-06 16:17:00 UTC
Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1552178]
Affects: epel-7 [bug 1552179]


Created python-django16 tracking bugs for this issue:

Affects: epel-7 [bug 1552177]

Comment 13 Andrej Nemec 2018-05-14 15:19:51 UTC
Statement:

This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 14 errata-xmlrpc 2018-10-16 15:20:55 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.4 for RHEL 7

Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927

Comment 18 errata-xmlrpc 2019-01-16 17:11:49 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:0051 https://access.redhat.com/errata/RHSA-2019:0051

Comment 19 errata-xmlrpc 2019-01-16 17:52:52 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:0082 https://access.redhat.com/errata/RHSA-2019:0082

Comment 20 errata-xmlrpc 2019-02-04 07:43:40 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2019:0265 https://access.redhat.com/errata/RHSA-2019:0265