Fedora 38: FEDORA-2023-cc023fabb7 Moderate: python-asgiref DoS
fedora
October 15, 2023
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
Summary
ASGI is a standard for Python asynchronous web apps and servers to communicate
with each other, and positioned as an asynchronous successor to WSGI. This
package includes ASGI base libraries, such as:
* Sync-to-async and async-to-sync function wrappers, asgiref.sync
* Server base classes, asgiref.server
* A WSGI-to-ASGI adapter, in asgiref.wsgi
Update Information:
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
Topics Covered
Change Log
* Mon Feb 13 2023 Joel Capitao
References
[ 1 ] Bug #2219383 - CVE-2023-36053 python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2219383
[ 2 ] Bug #2237870 - CVE-2023-41164 python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237870
[ 3 ] Bug #2242182 - CVE-2023-43665 python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242182
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cc023fabb7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Name: python-asgiref
Product: Fedora 38
Version: 3.5.2
Release: 1.fc38
Summary: ASGI specs, helper code, and adapters
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!