Bug 1549777 (CVE-2018-7536) - CVE-2018-7536 django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
Summary: CVE-2018-7536 django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-7536
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1549905 1549906 1551895 1551896 1551897 1551898 1551899 1551900 1551901 1552177 1552178 1552179 1552307 1554694 1557374 1557395 1557396
Blocks: 1549781
Reported: 2018-02-27 19:59 UTC by Pedro Sampaio
Modified: 2021-02-17 00:44 UTC (History)

Fixed In Version: Django 2.0.3, Django 1.11.11, Django 1.8.19
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:41:44 UTC


Attachments:


Links
System                  ID              Last Updated
Red Hat Product Errata  RHSA-2018:2927  2018-10-16 15:21:32 UTC
Red Hat Product Errata  RHSA-2019:0051  2019-01-16 17:11:51 UTC
Red Hat Product Errata  RHSA-2019:0082  2019-01-16 17:52:55 UTC
Red Hat Product Errata  RHSA-2019:0265  2019-02-04 07:43:42 UTC

Description Pedro Sampaio 2018-02-27 19:59:49 UTC
CVE-2018-7536: Denial-of-service possibility in ``urlize`` and
``urlizetrunc`` template filters
===========================================================================

The ``django.utils.html.urlize()`` function was extremely slow to evaluate
certain inputs due to catastrophic backtracking vulnerabilities in two
regular expressions (one regular expression for Django 1.8). The ``urlize()``
function is used to implement the ``urlize`` and ``urlizetrunc`` template
filters, which were thus vulnerable.

The problematic regular expressions are replaced with parsing logic that
behaves similarly.
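As an added illustration of the bug class the advisory describes (example code written for this page, not Django's own urlize() implementation or its actual patterns): a trailing-punctuation regex whose lazy prefix and end-anchored greedy tail backtrack quadratically on a long punctuation run, beside the linear right-to-left scan that a parsing-based replacement uses. The pattern, the punctuation set and the worst-case word are constructed assumptions.

```python
import re
import time

# Constructed illustration (not Django's own code): a trailing-punctuation
# pattern of the shape the advisory describes, a lazy prefix followed by a
# greedy punctuation run anchored at the end of the word. On a long run of
# punctuation that ends in a letter the engine retries every split point, so
# matching time grows quadratically with the run length.
TRAILING_PUNCTUATION = '.,:;!'
TRAILING_PUNCTUATION_RE = re.compile(
    r'^(.*?)([%s]+)$' % re.escape(TRAILING_PUNCTUATION), re.DOTALL)


def trim_with_regex(word):
    """Split word into (body, trailing punctuation) with the backtracking regex."""
    match = TRAILING_PUNCTUATION_RE.match(word)
    if match is None:
        return word, ''
    return match.group(1), match.group(2)


def trim_with_loop(word):
    """Same split via one right-to-left scan, linear in len(word): the kind of
    plain parsing logic the advisory says replaced the regexes."""
    end = len(word)
    while end > 0 and word[end - 1] in TRAILING_PUNCTUATION:
        end -= 1
    return word[:end], word[end:]


def time_both(n):
    """Time both functions on a constructed worst case: n punctuation chars
    followed by a letter, which the regex can never match but must try every
    split of. Returns (regex_seconds, loop_seconds)."""
    word = '.' * n + 'x'
    start = time.perf_counter()
    trim_with_regex(word)
    regex_seconds = time.perf_counter() - start
    start = time.perf_counter()
    trim_with_loop(word)
    return regex_seconds, time.perf_counter() - start


if __name__ == '__main__':
    # Doubling n roughly quadruples the regex time; the loop stays flat.
    for n in (1000, 2000, 4000):
        regex_s, loop_s = time_both(n)
        print(f'n={n:5d}  regex={regex_s:.4f}s  loop={loop_s:.6f}s')
```

Running the block prints timings for n = 1000, 2000 and 4000; the regex column roughly quadruples per doubling while the loop column stays flat, which is the signature to look for when auditing other end-anchored patterns.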

Comment 5 Adam Mariš 2018-03-06 16:13:39 UTC
Acknowledgments:

Name: the Django project

Comment 6 Adam Mariš 2018-03-06 16:13:57 UTC
External References:

https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

Comment 7 Adam Mariš 2018-03-06 16:17:00 UTC
Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1552178]
Affects: epel-7 [bug 1552179]


Created python-django16 tracking bugs for this issue:

Affects: epel-7 [bug 1552177]

Comment 13 Andrej Nemec 2018-05-14 15:19:51 UTC
Statement:

This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 14 errata-xmlrpc 2018-10-16 15:20:55 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.4 for RHEL 7

Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927

Comment 18 errata-xmlrpc 2019-01-16 17:11:49 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:0051 https://access.redhat.com/errata/RHSA-2019:0051

Comment 19 errata-xmlrpc 2019-01-16 17:52:52 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:0082 https://access.redhat.com/errata/RHSA-2019:0082

Comment 20 errata-xmlrpc 2019-02-04 07:43:40 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2019:0265 https://access.redhat.com/errata/RHSA-2019:0265

