Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE SLE-15-SP6 Python-Django SQL Injection Vulnerability 2026-0037-1

opensuse
Calendar Grey February 5, 2026
Dist Opensuse Esm H88
An update for openSUSE fixes 5 important vulnerabilities in python-Django including SQL injection and DoS risks.
An update that fixes 5 vulnerabilities is now available.

Description

This update for python-Django fixes the following issues:

- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and

FilteredRelation (bsc#1257408).

- CVE-2026-1287: Fixed potential SQL injection in column aliases via

control characters (bsc#1257407).

- CVE-2026-1207: Fixed potential SQL injection via raster lookups on

PostGIS (bsc#1257405).

- CVE-2026-1285: Fixed potential denial-of-service in

django.utils.text.Truncator HTML methods (bsc#1257406).

- CVE-2025-13473: Fixed username enumeration through timing difference in

mod_wsgi authentication handler (bsc#1257401).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-37=1

Package List

- openSUSE Backports SLE-15-SP6 (noarch):

python3-Django-2.2.28-bp156.30.1

References

https://www.suse.com/security/cve/CVE-2025-13473.html

https://www.suse.com/security/cve/CVE-2026-1207.html

https://www.suse.com/security/cve/CVE-2026-1285.html

https://www.suse.com/security/cve/CVE-2026-1287.html

https://www.suse.com/security/cve/CVE-2026-1312.html

https://bugzilla.suse.com/1257401

https://bugzilla.suse.com/1257405

https://bugzilla.suse.com/1257406

https://bugzilla.suse.com/1257407

https://bugzilla.suse.com/1257408

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0037-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here