openSUSE 16.0 Python-Django Important Data Exposure Bugs Vul 2026-20937-1

opensuse

June 12, 2026

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for python-Django fixes the following issues:

Changes in python-Django:

- CVE-2026-6873: Signed cookie salt namespace collision (bsc#1267578)

- CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend (bsc#1267579)

- CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives (bsc#1267580)

- CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization (bsc#1267576)

- CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header (bsc#1267577)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-305=1

Topics Covered

security advisory important data exposure OpenSUSE email compromise python-django

Patch

Package List

- openSUSE Leap 16.0:

python313-Django-5.2.4-bp160.9.1

References

* bsc#1267576

* bsc#1267577

* bsc#1267578

* bsc#1267579

* bsc#1267580

References:

* https://www.suse.com/security/cve/CVE-2026-35193.html

* https://www.suse.com/security/cve/CVE-2026-48587.html

* https://www.suse.com/security/cve/CVE-2026-6873.html

* https://www.suse.com/security/cve/CVE-2026-7666.html

* https://www.suse.com/security/cve/CVE-2026-8404.html

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2026:20937-1

Rating: important

Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics Covered

security advisory important data exposure OpenSUSE email compromise python-django

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE 16.0 Python-Django Important Data Exposure Bugs Vul 2026-20937-1

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE 16.0 Python-Django Important Data Exposure Bugs Vul 2026-20937-1

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!