Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Fedora 41: FEDORA-2025-2dff80a8a3 critical: python-django5 denial service

fedora
Calendar Grey June 19, 2025
Dist Fedora Esm H88
Important announcement regarding Python Django security patches mitigating DoS and log injection vulnerabilities on Fedora 41. Discover more about best security measures!
Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags() Fixes CVE-2025-48432: Potential log injection via unescaped request path

Summary

Django is a high-level Python Web framework that encourages rapid

development and a clean, pragmatic design. It focuses on automating as

much as possible and adhering to the DRY (Don't Repeat Yourself)

principle.

Update Information:

Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags() Fixes CVE-2025-48432: Potential log injection via unescaped request path

Change Log

* Mon Jun 9 2025 Michel Lind - 5.1.10-1 - Update to 5.1.10 - Fixes CVE-2025-32873: Denial-of-service possibility in strip_tags() - Fixes CVE-2025-48432: Potential log injection via unescaped request path * Fri Apr 4 2025 Michel Lind - 5.1.8-1 - Update to 5.1.8 - On Windows, this fixes CVE-2025-27556. Mentioning for compleness - Fixes a regression in Django 5.1.7 affecting LogEntryManager.log_actions() - #36234 - Remove legacy symlinks * Wed Mar 19 2025 Tomáš Hrnčiar - 5.1.7-2 - Adjust patch to allow setuptools <77 * Sat Mar 8 2025 Michel Lind - 5.1.7-1 - Update to version 5.1.7; Fixes: RHBZ#2350881 - Fix for CVE-2025-26699: Potential denial-of-service vulnerability in django.utils.text.wrap() * Sat Feb 15 2025 Michel Lind - 5.1.6-1 - Initial package; Resolves: RHBZ#2345877

References


[ 1 ] Bug #2365047 - CVE-2025-32873 python-django5: Django StripTags Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2365047

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2dff80a8a3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-django5
Product: Fedora 41
Version: 5.1.10
Release: 1.fc41
Summary: A high-level Python Web framework

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here