Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 43: Critical Fix for SQL Injection and DoS in python-django5

fedora
Calendar Grey December 18, 2025
Dist Fedora Esm H88
Updates for python-django5 in Fedora 43 address SQL injection and DoS risks with several fixes for vulnerabilities.
Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer F...

Summary

Django is a high-level Python Web framework that encourages rapid

development and a clean, pragmatic design. It focuses on automating as

much as possible and adhering to the DRY (Don't Repeat Yourself)

principle.

Update Information:

Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8) Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7) Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7) Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)

Topics%20covered

Topics Covered

security advisory denial of service SQL Injection fedora update python-django5

Change Log

* Mon Dec 8 2025 Michel Lind - 5.2.9-1 - Update to version 5.2.9 - Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL - Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer - Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8) - Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7) - Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7) - Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)

References

Fedora Update Notification FEDORA-2025-24dfd3b072 2025-12-18 00:56:48.059069+00:00 Name : python-django5 Product : Fedora 43 Version : 5.2.9 Release : 1.fc43 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-24dfd3b072' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-django5
Product: Fedora 43
Version: 5.2.9
Release: 1.fc43
URL: https://www.djangoproject.com/
Summary: A high-level Python Web framework

Topics%20covered

Topics Covered

security advisory denial of service SQL Injection fedora update python-django5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here