Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:2816-1

Опубликовано: 07 авг. 2024
Источник: suse-cvrf

Описание

Security update for python-Django

This update for python-Django fixes the following issues:

  • CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629)
  • CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630)
  • CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631)
  • CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632)

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP6
python311-Django-4.2.11-150600.3.6.1
openSUSE Leap 15.6
python311-Django-4.2.11-150600.3.6.1

Ссылки

Описание

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.6.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.6.1
Ссылки

Описание

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.6.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.6.1
Ссылки

Описание

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.6.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.6.1
Ссылки

Описание

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.6.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.6.1
Ссылки
Уязвимость SUSE-SU-2024:2816-1