In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.
Created django:1.6/python-django tracking bugs for this issue:
Affects: fedora-all [bug 1843620]
Created python-django tracking bugs for this issue:
Affects: epel-all [bug 1843616]
Affects: fedora-all [bug 1843617]
Affects: openstack-rdo [bug 1843619]
Created python-django16 tracking bugs for this issue:
Affects: epel-7 [bug 1843618]
Created python2-django1.11 tracking bugs for this issue:
Affects: fedora-all [bug 1845442]
Red Hat Satellite 6 ships affected python-django, however, it does not use memcached implementation in product code hence not vulnerable to this flaw.
Red Hat Update Infrastructure 3 ships an affected version of python-django, however it does not use memcached as a cache backend and it is not vulnerable to this flaw.
Red Hat Ceph Storage(RHCS) ships an affected version of python-django used with calamari and graphite which are no longer supported, hence the django package will not be fixed for RHCS.