
Fedora 42: Addressing CVE Fixes for python-django 4.2 SQL Injection and DoS

December 18, 2025
Django 4.2 update addresses critical SQL injection and DoS flaws in Fedora 42 applications. Secure your systems now.

Summary

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Update Information:

- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (4.2.26)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (4.2.25)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (4.2.24)

Change Log

* Tue Dec 9 2025 Michel Lind - 4.2.27-1
- Update to version 4.2.27
- Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
- Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer
- Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (4.2.26)
- Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (4.2.25)
- Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (4.2.25)
- Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (4.2.24)

References

[ 1 ] Bug #2393806 - CVE-2025-57833 python-django4.2: Django SQL injection in FilteredRelation column aliases [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2393806
[ 2 ] Bug #2416117 - CVE-2025-59681 python-django4.2: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2416117

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b1379d950d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: python-django4.2
Product: Fedora 42
Version: 4.2.27
Release: 1.fc42
Summary: A high-level Python Web framework
