Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 38: FEDORA-2024-84fbbbb914 Critical Django DoS Threats

fedora
Calendar Grey April 20, 2024
Dist Fedora Esm H88
Improvements to Fedora's python-django3 mitigate severe denial-of-service risks and bolster security measures.
Security fixes for CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words() CVE-2024-24680 denial-of-service in intcomma template filter CVE-2023-4366...

Summary

Django is a high-level Python Web framework that encourages rapid

development and a clean, pragmatic design. It focuses on automating as

much as possible and adhering to the DRY (Don't Repeat Yourself)

principle.

Update Information:

Security fixes for CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words() CVE-2024-24680 denial-of-service in intcomma template filter CVE-2023-43665 Denial-of-service possibility in django.utils.text.Truncator CVE-2023-41164 Potential DOS vulnerability in django.utils.encoding.uri_to_iri() CVE-2023-36053 Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

Topics%20covered

Topics Covered

security advisory fedora update python dos django

Change Log

* Thu Apr 11 2024 Michel Lind - 3.2.25-2 - Make test bcond work (tests are enabled by default) * Thu Apr 11 2024 Michel Lind - 3.2.25-1 - Update to 3.2.25 - Mark as deprecated due to EOL - Update list of bundled dependencies - Declare licenses of bundled dependencies - Add virtual Provides and Conflicts to allow swapping Django stacks - Drop unneeded patches

References


[ 1 ] Bug #2219382 - CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2219382 [ 2 ] Bug #2237871 - CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2237871 [ 3 ] Bug #2242181 - CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2242181 [ 4 ] Bug #2263506 - CVE-2024-24680 python-django3: Django: denial-of-service in ``intcomma`` template filter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2263506 [ 5 ] Bug #2267655 - CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Tru...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-84fbbbb914' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-django3
Product: Fedora 38
Version: 3.2.25
Release: 2.fc38
URL: https://www.djangoproject.com/
Summary: A high-level Python Web framework

Topics%20covered

Topics Covered

security advisory fedora update python dos django

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here