Description
Security update for python-Django
python-Django was updated to fix:
- CVE-2023-24580: Prevent DOS in file uploads. (bsc#1208082)
Package list
SUSE Package Hub 15 SP4
python3-Django1-1.11.29-bp154.2.3.1
openSUSE Leap 15.4
python3-Django1-1.11.29-bp154.2.3.1
References
- E-Mail link for openSUSE-SU-2023:0075-1
- SUSE Security Ratings
- SUSE Bug 1208082
- SUSE CVE CVE-2023-24580 page
Description
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
Affected products
SUSE Package Hub 15 SP4:python3-Django1-1.11.29-bp154.2.3.1
openSUSE Leap 15.4:python3-Django1-1.11.29-bp154.2.3.1
References
- CVE-2023-24580
- SUSE Bug 1208082