Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat RHSA-2022:5738-01 Critical: Django SQL Injection Threat

red hat
Calendar Grey August 3, 2022
Dist Redhat Esm H88
Important Django 3.2.14 security patch tackles potential SQL injection risk. Safeguard your applications immediately!
A security fix for a CVE in the Django library is now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

RHUI services must be restarted for this update to take effect. To restart them, run the following command on the RHUA node as root:

# rhui-services-restart

For other information, consult the product documentation at: https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4

Summary

Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.
Security Fix: * Django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments (CVE-2022-34265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Users of RHUI are advised to upgrade to this updated package that fixes this bug.

Topics%20covered

Topics Covered

security advisory security update red hat critical sql injection risk django

References

https://access.redhat.com/security/cve/CVE-2022-34265 https://access.redhat.com/security/updates/classification/#important

Package List

RHUI 4 for RHEL 8:
Source: python-django-3.2.14-3.el8ui.src.rpm
noarch: python38-django-3.2.14-3.el8ui.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:5738-01
Product: Red Hat Update Infrastructure
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5738
Issue date: 2022-07-27

Topic

A security fix for a CVE in the Django library is now available.

Topics%20covered

Topics Covered

security advisory security update red hat critical sql injection risk django

Relevant Releases Architectures

RHUI 4 for RHEL 8 - noarch

Bugs Fixed

2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here