Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

openSUSE 2023:0077-1 Important: python-Django Denial Of Service

opensuse
Calendar Grey March 20, 2023
Dist Opensuse Esm H88
Security alert regarding python-Django as it faces 11 vulnerabilities rated as critical. An update has been released for openSUSE users.
An update that fixes 11 vulnerabilities is now available

Description

This update for python-Django fixes the following issues:

- CVE-2023-24580: Prevent DOS in file uploads. (boo#1208082)

update to 1.11.15

* CVE-2018-14574: Fixed Open redirect possibility in CommonMiddleware

(boo#1102680)

* Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS

3.6.1+

* Fixed a regression in Django 1.10 that could result in large memory

usage when making edits using ModelAdmin.list_editable

* Fixed a regression in Django 1.11.12 where QuerySet.values() or

values_list() after combining an annotated and unannotated queryset

with union(), difference(), or intersection() crashed due to

mismatching columns

* Fixed crashes in django.contrib.admindocs when a view is a callable

object, such as django.contrib.syndication.views.Feed

* Fixed a regression in Django 1.11.8 where altering a field with a

unique constraint may drop and rebuild more foreign keys than...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2023-77=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

python-Django-1.11.15-2.1

References

https://www.suse.com/security/cve/CVE-2015-3982.html

https://www.suse.com/security/cve/CVE-2015-5145.html

https://www.suse.com/security/cve/CVE-2015-5963.html

https://www.suse.com/security/cve/CVE-2017-12794.html

https://www.suse.com/security/cve/CVE-2017-7233.html

https://www.suse.com/security/cve/CVE-2017-7234.html

https://www.suse.com/security/cve/CVE-2018-14574.html

https://www.suse.com/security/cve/CVE-2018-6188.html

https://www.suse.com/security/cve/CVE-2018-7536.html

https://www.suse.com/security/cve/CVE-2018-7537.html

https://www.suse.com/security/cve/CVE-2023-24580.html

https://bugzilla.suse.com/1077714

https://bugzilla.suse.com/1102680

https://bugzilla.suse.com/1208082

https://bugzilla.suse.com/937524

https://bugzilla.suse.com/952198

https://bugzilla.suse.com/988420

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2023:0077-1
Rating: important
Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Package Hub for SUSE Linux Enterprise 12 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.