Bug 1549777 (CVE-2018-7536) - CVE-2018-7536 django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
Summary: CVE-2018-7536 django: Catastrophic backtracking in regular expressions via 'u...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-7536
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1549905 1549906 1551895 1551896 1551897 1551898 1551899 1551900 1551901 1552177 1552178 1552179 1552307 1554694 1557374 1557395 1557396
Blocks:
Reported: 2018-02-27 19:59 UTC by Pedro Sampaio
Modified: 2021-02-17 00:44 UTC (History)

Fixed In Version: Django 2.0.3, Django 1.11.11, Django 1.8.19
Clone Of:
Environment:
Last Closed: 2019-06-08 03:41:44 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2927 0 None None None 2018-10-16 15:21:32 UTC
Red Hat Product Errata RHSA-2019:0051 0 None None None 2019-01-16 17:11:51 UTC
Red Hat Product Errata RHSA-2019:0082 0 None None None 2019-01-16 17:52:55 UTC
Red Hat Product Errata RHSA-2019:0265 0 None None None 2019-02-04 07:43:42 UTC

Description Pedro Sampaio 2018-02-27 19:59:49 UTC
CVE-2018-7536: Denial-of-service possibility in ``urlize`` and ``urlizetrunc`` template filters
===========================================================================

The ``django.utils.html.urlize()`` function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (one regular expression for Django 1.8). The ``urlize()`` function is used to implement the ``urlize`` and ``urlizetrunc`` template filters, which were thus vulnerable.

The problematic regular expressions are replaced with parsing logic that behaves similarly.
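
As an added sketch of the approach the advisory describes (this is not Django's own code; the punctuation sets and function names are constructed for the example), every check below is a plain string scan over one whitespace-delimited token, so the work stays linear in the input length and no crafted input can make the filter backtrack:

```python
import html

# Added example, not Django's code: a regex-free urlize() in the spirit of the
# fix. The punctuation sets here are constructed for the example.
TRAILING_PUNCTUATION = '.,:;!'
WRAPPING_PUNCTUATION = [('(', ')'), ('[', ']'), ('<', '>')]

def tokenize(text):
    # Alternating runs of whitespace / non-whitespace, both kept for re-joining.
    tokens, i = [], 0
    while i < len(text):
        j = i
        while j < len(text) and text[j].isspace() == text[i].isspace():
            j += 1
        tokens.append(text[i:j])
        i = j
    return tokens

def trim_punctuation(word):
    # Return (lead, middle, trail): wrapping brackets and trailing punctuation peeled off.
    lead = trail = ''
    for opening, closing in WRAPPING_PUNCTUATION:
        if word.startswith(opening):
            lead, word = opening, word[len(opening):]
        # Keep a closing bracket only when it balances an opening one inside the word.
        if word.endswith(closing) and word.count(closing) == word.count(opening) + 1:
            word, trail = word[:-len(closing)], closing
    stripped = word.rstrip(TRAILING_PUNCTUATION)   # one linear scan from the end
    return lead, stripped, word[len(stripped):] + trail

def looks_like_email(word):
    # Exactly one '@', both sides non-empty, and a dot inside the domain (not first).
    local, sep, domain = word.partition('@')
    return bool(sep and local and domain and '@' not in domain and '.' in domain and domain[0] != '.')

def urlize_simple(text):
    # Wrap URLs and e-mail addresses in anchors; all text is HTML-escaped.
    out = []
    for tok in tokenize(text):
        lead, middle, trail = ('', tok, '') if tok.isspace() else trim_punctuation(tok)
        low = middle.lower()
        if low.startswith(('http://', 'https://', 'www.')):
            href = middle if low.startswith('http') else 'http://' + middle
            middle = '<a href="%s">%s</a>' % (html.escape(href), html.escape(middle))
        elif looks_like_email(middle):
            middle = '<a href="mailto:%s">%s</a>' % (html.escape(middle), html.escape(middle))
        else:
            middle = html.escape(middle)
        out.append(html.escape(lead) + middle + html.escape(trail))
    return ''.join(out)
```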

Comment 5 Adam Mariš 2018-03-06 16:13:39 UTC
Acknowledgments:

Name: the Django project

Comment 6 Adam Mariš 2018-03-06 16:13:57 UTC
External References:

https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

Comment 7 Adam Mariš 2018-03-06 16:17:00 UTC
Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1552178]
Affects: epel-7 [bug 1552179]


Created python-django16 tracking bugs for this issue:

Affects: epel-7 [bug 1552177]

Comment 13 Andrej Nemec 2018-05-14 15:19:51 UTC
Statement:

This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 14 errata-xmlrpc 2018-10-16 15:20:55 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.4 for RHEL 7

Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927

Comment 18 errata-xmlrpc 2019-01-16 17:11:49 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:0051 https://access.redhat.com/errata/RHSA-2019:0051

Comment 19 errata-xmlrpc 2019-01-16 17:52:52 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:0082 https://access.redhat.com/errata/RHSA-2019:0082

Comment 20 errata-xmlrpc 2019-02-04 07:43:40 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2019:0265 https://access.redhat.com/errata/RHSA-2019:0265

