SUSE-SU-2025:1523-1

Опубликовано: 09 мая 2025

Источник: suse-cvrf

Описание

Security update for python-Django

This update for python-Django fixes the following issues:

CVE-2025-32873: Fixed denial-of-service possibility in strip_tags() (bsc#1242210)

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP6

python311-Django-4.2.11-150600.3.21.1

openSUSE Leap 15.6

python311-Django-4.2.11-150600.3.21.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20251523-1/
Link for SUSE-SU-2025:1523-1
https://lists.suse.com/pipermail/sle-updates/2025-May/039195.html
E-Mail link for SUSE-SU-2025:1523-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242210
SUSE Bug 1242210
https://www.suse.com/security/cve/CVE-2025-32873/
SUSE CVE CVE-2025-32873 page

Описание

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.21.1

openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-32873.html
CVE-2025-32873
https://bugzilla.suse.com/1242210
SUSE Bug 1242210

SUSE-SU-2025:1523-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-32873

Описание

Затронутые продукты

Ссылки