openSUSE-SU-2023:0057-1

Published: 21 Feb 2023
Source: suse-cvrf

Description

Security update for python-Django

This update for python-Django fixes the following issues:

  • CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (boo#1207565)
  • CVE-2022-41323: Fixed potential denial-of-service vulnerability in internationalized URLs (boo#1203793)

Package list

SUSE Package Hub 15 SP4
python3-Django-2.2.28-bp154.2.6.1
openSUSE Leap 15.4
python3-Django-2.2.28-bp154.2.6.1

Description

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.


Affected products
SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.6.1
openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.6.1

References

Description

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.


Affected products
SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.6.1
openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.6.1

References