[python-django-horizon/el6] CVE-2012-3540 vulnerability in authentication mechanism
Nuno Santos
nsantos at fedoraproject.org
Tue Sep 4 15:21:52 UTC 2012
commit fe3526aace7ba54eb73c3000928c2bae15c90d9a
Author: Nuno Santos <nsantos at redhat.com>
Date: Tue Sep 4 11:21:23 2012 -0400
CVE-2012-3540 vulnerability in authentication mechanism
CVE-2012-3540-auth_forms.patch | 25 +++++++++++++++++++++++++
python-django-horizon.spec | 7 ++++++-
2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/CVE-2012-3540-auth_forms.patch b/CVE-2012-3540-auth_forms.patch
new file mode 100644
index 0000000..38260d8
--- /dev/null
+++ b/CVE-2012-3540-auth_forms.patch
@@ -0,0 +1,25 @@
+--- a/horizon/views/auth_forms.py
++++ a/horizon/views/auth_forms.py
+@@ -28,6 +28,7 @@ from django import shortcuts
+ from django.conf import settings
+ from django.contrib import messages
+ from django.contrib.auth import REDIRECT_FIELD_NAME
++from django.utils.http import same_origin
+ from django.utils.translation import ugettext as _
+ from keystoneclient import exceptions as keystone_exceptions
+
+@@ -94,7 +95,13 @@ class Login(forms.SelfHandlingForm):
+ request.session['region_endpoint'] = endpoint
+ request.session['region_name'] = region_name
+
+- redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, "")
++ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, None)
++ # Make sure the requested redirect matches the protocol,
++ # domain, and port of this request
++ if redirect_to and not same_origin(
++ request.build_absolute_uri(redirect_to),
++ request.build_absolute_uri()):
++ redirect_to = None
+
+ if data.get('tenant', None):
+ try:
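Review bot: The sanitised `redirect_to` is consumed after this hunk ends (the `Login` handler body continues past line 43), so the switch from a default of `""` to `None` cannot be confirmed safe from here; the later use should be checked for something like `redirect_to or settings.LOGIN_REDIRECT_URL` rather than a bare `redirect(redirect_to)`. An off-origin target is also dropped silently with `redirect_to = None`, leaving no trace for operators; if the module already has a logger, a one-line warning naming the rejected value would make abuse attempts visible, otherwise the existing comment could state that rejection is deliberate and unlogged. The spec in this same commit requires Django >= 1.3.0, and `django.utils.http.same_origin` exists in that line, so the new import should resolve; the patch ships no regression test for the rejected-redirect case, which is worth adding downstream. Minor: the nested header reads `+++ a/horizon/views/auth_forms.py`; `%patch5 -p1` still applies it, but `b/` is the conventional new-side prefix.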
diff --git a/python-django-horizon.spec b/python-django-horizon.spec
index ae7c5dd..f1fa166 100644
--- a/python-django-horizon.spec
+++ b/python-django-horizon.spec
@@ -10,7 +10,7 @@
Name: python-django-horizon
Version: 2012.1.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Django application for talking to Openstack
Group: Development/Libraries
@@ -29,6 +29,7 @@ Patch0001: 0001-disable-debug-logging.patch
Patch0002: 0002-default-database.patch
Patch0003: 0003-fix-removal-of-python-django-nose-dependency.patch
Patch4: sphinx-sidebarwidth.patch
+Patch5: CVE-2012-3540-auth_forms.patch
Requires: Django >= 1.3.0
Requires: openstack-glance >= 2012.1
@@ -94,6 +95,7 @@ Documentation for the Django Horizon application for talking with Openstack
%patch0002 -p1
%patch0003 -p1
%patch4 -p1
+%patch5 -p1
%build
%{__python} setup.py build
@@ -143,6 +145,9 @@ python %{_datadir}/openstack-dashboard/manage.py collectstatic --noinput >/dev/n
%doc html
%changelog
+* Thu Aug 30 2012 Nuno Santos <nsantos at redhat.com> - 2012.1.1-2
+- CVE-2012-3540 vulnerability in authentication mechanism
+
* Fri Jul 6 2012 Nuno Santos <nsantos at redhat.com> - 2012.1.1-1
- Update to essex stable release 2012.1.1