Description
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2024-56374: Fixed lack of upper bound limit enforcement in strings when performing IPv6 validation that could lead to denial of service (bsc#1235856)
Package list
SUSE Linux Enterprise Module for Package Hub 15 SP6
python311-Django-4.2.11-150600.3.15.1
openSUSE Leap 15.6
python311-Django-4.2.11-150600.3.15.1
References
- Link for SUSE-SU-2025:0149-1
- E-Mail link for SUSE-SU-2025:0149-1
- SUSE Security Ratings
- SUSE Bug 1235856
- SUSE CVE CVE-2024-56374 page
Description
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.15.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.15.1
References
- CVE-2024-56374
- SUSE Bug 1235856