Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

openSUSE: 2023:0057-1 Moderate: Python-Django Denial-of-Service Issues

opensuse
Calendar Grey February 21, 2023
Dist Opensuse Esm H88
Tackles two weaknesses in Python-Django on openSUSE rated as moderate risk. Refer to provided details for update guidance.
An update that fixes two vulnerabilities is now available

Description

This update for python-Django fixes the following issues:

- CVE-2023-23969: Fixed potential denial-of-service via Accept-Language

headers (boo#1207565)

- CVE-2022-41323: Fixed potential denial-of-service vulnerability in

internationalized URLs (boo#1203793)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-57=1

Package List

- openSUSE Backports SLE-15-SP4 (noarch):

python3-Django-2.2.28-bp154.2.6.1

References

https://www.suse.com/security/cve/CVE-2022-41323.html

https://www.suse.com/security/cve/CVE-2023-23969.html

https://bugzilla.suse.com/1203793

https://bugzilla.suse.com/1207565

Announcement ID: openSUSE-SU-2023:0057-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP4 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.