
openSUSE 15-SP3: 2023:0005-1 Critical: python-Django Denial-of-Service

January 3, 2023
Crucial security patch released for python-Django on openSUSE addresses multiple vulnerabilities and improves safeguards.
An update that solves 13 vulnerabilities and has one errata is now available

Description

This update for python-Django fixes the following issues:

- CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793)
- CVE-2022-36359: Fixed a potential reflected file download vulnerability in FileResponse (boo#1201923)
- Update from 2.2.12 to 2.2.28 (boo#1198297)
  * Many CVE fixes (check

2.2.28:
- CVE-2022-28346: Fixed potential SQL injection in QuerySet.annotate(), aggregate(), and extra() (bsc#1198398)
- CVE-2022-28347: Fixed potential SQL injection via QuerySet.explain(**options) (bsc#1198399)

2.2.27:
- CVE-2022-22818: Fixed possible XSS via ``{% debug %}`` template tag (bsc#1195086)
- CVE-2022-23833: Fixed denial-of-service possibility in file uploads (bsc#1195088)

2.2.26:
- CVE-2021-45115: Denial-of-service possibility in ``UserAttributeSimilarityValidator`` (bsc#1194115)
- CVE-2021-45116: Potential...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

  zypper in -t patch openSUSE-2023-5=1

Package List

- openSUSE Backports SLE-15-SP3 (noarch):

  python3-Django-2.2.28-bp153.2.3.1
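A post-patch check that a fleet audit or a configuration-management run can use to confirm the fixed build is actually installed. This is an added example, not part of the openSUSE advisory or of any SUSE tooling: the fixed version and release (2.2.28, bp153.2.3.1) come from the package list above, while the `rpm -q --qf` query, the assumption that release strings on this product look like bpNNN.x.y.z, and the sample build strings in the comments are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the openSUSE advisory: decide whether the
# python3-Django package on an openSUSE Backports SLE-15-SP3 host is at
# or above the fixed build named in the advisory's package list.
# Fixed version and release are taken from the advisory; the rpm query
# and the release-string layout (bpNNN.x.y.z) are assumptions of this
# example about the host.

FIXED_VERSION="2.2.28"
FIXED_RELEASE="bp153.2.3.1"

# version_ge A B: return 0 when dotted-numeric version A >= B, else 1.
# Fields are compared left to right as integers; a missing trailing
# field counts as 0, so "2.2" sorts below "2.2.28".
version_ge() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; ah="${ah:-0}"
        bh="${b%%.*}"; bh="${bh:-0}"
        if [ "$ah" -gt "$bh" ]; then return 0; fi
        if [ "$ah" -lt "$bh" ]; then return 1; fi
        # drop the field just compared; stop when no dot remains
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# django_is_fixed "VERSION-RELEASE": return 0 when the given build is the
# advisory's fixed build or newer, 1 when it is still affected.
# The argument is the string produced by
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' python3-Django
# e.g. "2.2.28-bp153.2.3.1" (fixed) or "2.2.12-bp153.1.2" (constructed
# pre-update sample; 2.2.12 is the version the advisory updates from).
django_is_fixed() {
    ver="${1%%-*}"
    rel="${1#*-}"
    if version_ge "$ver" "$FIXED_VERSION"; then
        if version_ge "$FIXED_VERSION" "$ver"; then
            # same upstream version: the SUSE release number decides
            if version_ge "${rel#bp}" "${FIXED_RELEASE#bp}"; then
                return 0
            else
                return 1
            fi
        fi
        return 0   # newer upstream version than the fix
    fi
    return 1       # older than 2.2.28: still affected
}

# check_host: query the real package database and report. Only runs when
# the script is invoked with --live, so the functions above can be reused
# (and exercised) on a machine without rpm.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' python3-Django) || {
        echo "python3-Django is not installed"
        return 0
    }
    if django_is_fixed "$installed"; then
        echo "python3-Django $installed: fixed (>= $FIXED_VERSION-$FIXED_RELEASE)"
    else
        echo "python3-Django $installed: AFFECTED, apply: zypper in -t patch openSUSE-2023-5=1"
        return 1
    fi
}

if [ "${1:-}" = "--live" ]; then
    check_host
fi
```

Run it as `sh check_django.sh --live` on the host after `zypper in -t patch openSUSE-2023-5=1`; a non-zero exit means the installed build is still below the fixed one. The comparison deliberately treats the release suffix as significant only when the upstream version is exactly 2.2.28, because a later SUSE rebuild of the same version carries the same fixes.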

References

https://www.suse.com/security/cve/CVE-2021-32052.html

https://www.suse.com/security/cve/CVE-2021-33203.html

https://www.suse.com/security/cve/CVE-2021-33571.html

https://www.suse.com/security/cve/CVE-2021-44420.html

https://www.suse.com/security/cve/CVE-2021-45115.html

https://www.suse.com/security/cve/CVE-2021-45116.html

https://www.suse.com/security/cve/CVE-2021-45452.html

https://www.suse.com/security/cve/CVE-2022-22818.html

https://www.suse.com/security/cve/CVE-2022-23833.html

https://www.suse.com/security/cve/CVE-2022-28346.html

https://www.suse.com/security/cve/CVE-2022-28347.html

https://www.suse.com/security/cve/CVE-2022-36359.html

https://www.suse.com/security/cve/CVE-2022-41323.html

https://bugzilla.suse.com/1185713

https://bugzilla.suse.com/1186608

https://bugzilla.suse.com/1186611

https://bugzilla.suse.com/1193240

https://bugzilla.suse.com/1194115

https://bugzilla.suse.com/1194116

https://bugzilla.suse.com/1194117

https://bugzilla.suse.com/1195086

https://bugzilla.suse.com/1195088

https://bugzil...



Announcement ID: openSUSE-SU-2023:0005-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP3
