openSUSE-SU-2023:0177-1

Опубликовано: 12 июл. 2023

Источник: suse-cvrf

Описание

Security update for python-Django1

This update of python-Django1 fixes the following issue:

CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742)

Список пакетов

SUSE Package Hub 15 SP4

python3-Django1-1.11.29-bp154.2.6.1

openSUSE Leap 15.4

python3-Django1-1.11.29-bp154.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RVGVHM5LHSIXOSHIAGPH55V6JSFB7AN5/
E-Mail link for openSUSE-SU-2023:0177-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1212742
SUSE Bug 1212742
https://www.suse.com/security/cve/CVE-2023-36053/
SUSE CVE CVE-2023-36053 page

Описание

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Затронутые продукты

SUSE Package Hub 15 SP4:python3-Django1-1.11.29-bp154.2.6.1

openSUSE Leap 15.4:python3-Django1-1.11.29-bp154.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-36053.html
CVE-2023-36053
https://bugzilla.suse.com/1212742
SUSE Bug 1212742

openSUSE-SU-2023:0177-1

Описание

Список пакетов

SUSE Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-36053

Описание

Затронутые продукты

Ссылки