Описание
Security update for python-Django
This update for python-Django fixes the following issues:
- CVE-2025-64459: Fixed a potential SQL injection via the '_connector' keyword (bsc#1252926)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP6
python311-Django-4.2.11-150600.3.41.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
python311-Django-4.2.11-150600.3.41.1
openSUSE Leap 15.6
python311-Django-4.2.11-150600.3.41.1
Ссылки
- Link for SUSE-SU-2025:4100-1
- E-Mail link for SUSE-SU-2025:4100-1
- SUSE Security Ratings
- SUSE Bug 1252926
- SUSE CVE CVE-2025-62769 page
- SUSE CVE CVE-2025-64459 page
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.41.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python311-Django-4.2.11-150600.3.41.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.41.1
Ссылки
- CVE-2025-62769
- SUSE Bug 1252926
Описание
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:python311-Django-4.2.11-150600.3.41.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python311-Django-4.2.11-150600.3.41.1
openSUSE Leap 15.6:python311-Django-4.2.11-150600.3.41.1
Ссылки
- CVE-2025-64459
- SUSE Bug 1252926