Fedora 37: FEDORA-2023-9d36d373f1 Critical: python-django DoS Issues
fedora
October 23, 2023
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
Summary
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
Update Information:
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
Topics Covered
Change Log
* Fri Oct 13 2023 Michel Lind
References
[ 1 ] Bug #2219383 - CVE-2023-36053 python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2219383
[ 2 ] Bug #2237870 - CVE-2023-41164 python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237870
[ 3 ] Bug #2242182 - CVE-2023-43665 python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242182
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-9d36d373f1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: python-django
Product: Fedora 37
Version: 4.1.12
Release: 1.fc37
Summary: A high-level Python Web framework
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!