What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for python-Django1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0285-1
Rating:             important
References:         #1195086 #1195088 
Cross-References:   CVE-2022-22818 CVE-2022-23833
CVSS scores:
                    CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
                    CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python-Django1 fixes the following issues:

   - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag
     (bsc#1195086)
   - CVE-2022-23833: Fixed denial-of-service possibility in file uploads.
     (bsc#1195088)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-285=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-285=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      python-Django1-1.11.29-3.37.1

   - SUSE OpenStack Cloud 9 (noarch):

      python-Django1-1.11.29-3.37.1
      venv-openstack-barbican-x86_64-7.0.1~dev24-3.30.1
      venv-openstack-cinder-x86_64-13.0.10~dev23-3.33.1
      venv-openstack-designate-x86_64-7.0.2~dev2-3.30.1
      venv-openstack-glance-x86_64-17.0.1~dev30-3.28.1
      venv-openstack-heat-x86_64-11.0.4~dev4-3.30.1
      venv-openstack-horizon-x86_64-14.1.1~dev11-4.34.2
      venv-openstack-ironic-x86_64-11.1.5~dev17-4.28.1
      venv-openstack-keystone-x86_64-14.2.1~dev7-3.31.1
      venv-openstack-magnum-x86_64-7.2.1~dev1-4.30.1
      venv-openstack-manila-x86_64-7.4.2~dev60-3.36.1
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.30.1
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.32.1
      venv-openstack-neutron-x86_64-13.0.8~dev164-6.34.1
      venv-openstack-nova-x86_64-18.3.1~dev91-3.34.1
      venv-openstack-octavia-x86_64-3.2.3~dev7-4.30.1
      venv-openstack-sahara-x86_64-9.0.2~dev15-3.30.1
      venv-openstack-swift-x86_64-2.19.2~dev48-2.25.1


References:

   https://www.suse.com/security/cve/CVE-2022-22818.html
   https://www.suse.com/security/cve/CVE-2022-23833.html
   https://bugzilla.suse.com/1195086
   https://bugzilla.suse.com/1195088

SUSE: 2022:0285-1 important: python-Django1

February 1, 2022
An update that fixes two vulnerabilities is now available

Summary

This update for python-Django1 fixes the following issues: - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086) - CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-285=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-285=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.29-3.37.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.29-3.37.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.30.1 venv-openstack-cinder-x86_64-13.0.10~dev23-3.33.1 venv-openstack-designate-x86_64-7.0.2~dev2-3.30.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.28.1 venv-openstack-heat-x86_64-11.0.4~dev4-3.30.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.34.2 venv-openstack-ironic-x86_64-11.1.5~dev17-4.28.1 venv-openstack-keystone-x86_64-14.2.1~dev7-3.31.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.30.1 venv-openstack-manila-x86_64-7.4.2~dev60-3.36.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.30.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.32.1 venv-openstack-neutron-x86_64-13.0.8~dev164-6.34.1 venv-openstack-nova-x86_64-18.3.1~dev91-3.34.1 venv-openstack-octavia-x86_64-3.2.3~dev7-4.30.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.30.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.25.1

References

#1195086 #1195088

Cross- CVE-2022-22818 CVE-2022-23833

CVSS scores:

CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE OpenStack Cloud Crowbar 9

SUSE OpenStack Cloud 9

https://www.suse.com/security/cve/CVE-2022-22818.html

https://www.suse.com/security/cve/CVE-2022-23833.html

https://bugzilla.suse.com/1195086

https://bugzilla.suse.com/1195088

Severity
Announcement ID: SUSE-SU-2022:0285-1
Rating: important

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo