Explore top 10 tips to secure your open-source projects now. Read More
×
This update for python-Django fixes the following issues:
* CVE-2026-48588: potential exposure of private data via cached `Set-Cookie`
response (bsc#1271029).
* CVE-2026-53877: information disclosure via 32-byte heap buffer overread in
`GDALRaster` (bsc#1271030).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2819=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2819=1
* SUSE Package Hub 15 15-SP7 (noarch)
* python311-Django-4.2.11-150600.3.62.1
* openSUSE Leap 15.6 (noarch)
* python311-Django-4.2.11-150600.3.62.1
* bsc#1271029
* bsc#1271030
## References:
* https://www.suse.com/security/cve/CVE-2026-48588.html
* https://www.suse.com/security/cve/CVE-2026-53877.html
* https://bugzilla.suse.com/show_bug.cgi?id=1271029
* https://bugzilla.suse.com/show_bug.cgi?id=1271030
Get the latest Linux and open source security news straight to your inbox.