Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 42: Critical Fixes for SQL Injection & DoS in Python-Django 5

fedora
Calendar Grey December 18, 2025
Dist Fedora Esm H88
Updates for python-django5 address critical SQL injection and denial-of-service risks in Fedora 42, ensuring robust security.
Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer F...

Summary

Django is a high-level Python Web framework that encourages rapid

development and a clean, pragmatic design. It focuses on automating as

much as possible and adhering to the DRY (Don't Repeat Yourself)

principle.

Update Information:

Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8) Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7) Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7) Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)

Topics%20covered

Topics Covered

security advisory denial of service SQL Injection fedora critical python-django5

Change Log

* Mon Dec 8 2025 Michel Lind - 5.2.9-1 - Update to version 5.2.9 - Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL - Fixes CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer - Fixes CVE-2025-64459: Potential SQL injection via _connector keyword argument (5.2.8) - Fixes CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (5.2.7) - Fixes CVE-2025-59682: Potential partial directory-traversal via archive.extract() (5.2.7) - Fixes CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases (5.2.6)

References


[ 1 ] Bug #2393807 - CVE-2025-57833 python-django5: Django SQL injection in FilteredRelation column aliases [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2393807 [ 2 ] Bug #2416118 - CVE-2025-59681 python-django5: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416118

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-45ee190318' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-django5
Product: Fedora 42
Version: 5.2.9
Release: 1.fc42
URL: https://www.djangoproject.com/
Summary: A high-level Python Web framework

Topics%20covered

Topics Covered

security advisory denial of service SQL Injection fedora critical python-django5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here