SUSE-SU-2024:3187-1

Опубликовано: 10 сент. 2024

Источник: suse-cvrf

Описание

Security update for python-Django

This update for python-Django fixes the following issues:

There is an issue with the previous fix for CVE-2024-45230. Please consider the following vulnerability fixed only after the installation of this update.

CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823)

Список пакетов

openSUSE Leap 15.5

python3-Django-2.0.7-150000.1.36.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243187-1/
Link for SUSE-SU-2024:3187-1
https://lists.suse.com/pipermail/sle-security-updates/2024-September/019406.html
E-Mail link for SUSE-SU-2024:3187-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1229823
SUSE Bug 1229823
https://www.suse.com/security/cve/CVE-2024-45230/
SUSE CVE CVE-2024-45230 page

Описание

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

Затронутые продукты

openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-45230.html
CVE-2024-45230
https://bugzilla.suse.com/1229823
SUSE Bug 1229823

SUSE-SU-2024:3187-1

Описание

Список пакетов

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-45230

Описание

Затронутые продукты

Ссылки