Explore top 10 tips to secure your open-source projects now. Read More
×Update python-django5 to version 5.2.16 Fixes three low-severity CVEs CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response CVE-2026-53877: Heap buffer over-read in GDALRaster. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-595d35a4d1 2026-07-18 00:26:14.273091+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 44 Version : 5.2.16 Release : 1.fc44 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Update python-django5 to version 5.2.16 Fixes three low-severity CVEs CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response CVE-2026-53877: Heap buffer over-read in GDALRaster CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 16 2026 Michel Lind - 5.2.16-1 - Update to version 5.2.16; Resolves RHBZ#2497734 - Fixes three low-severity CVEs - CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response - CVE-2026-53877: Heap buffer over-read in GDALRaster - CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input * Thu Jul 16 2026 Fedora Release Engineering - 5.2.15-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_45_Mass_Rebuild * Fri Jun 19 2026 Miro Hrončok - 5.2.15-5 - Heavily reduce the list of skipped tests * Sat Jun 6 2026 Michel Lind - 5.2.15-4 - Remove dump of disabled tests from the end of thespec * Sat Jun 6 2026 Michel Lind - 5.2.15-3 - Disable failing tests on Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2497734 - python-django5-5.2.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=2497734 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-595d35a4d1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Upgrade python-django5 to version 5.2.16 to fix low-severity issues with potential data exposure and buffer over-read.. Fedora security patch, python-django5 update, data protection Linux, buffer over-read issue, web framework vulnerabilities. . Severity: Low. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for python-Django Announcement ID: SUSE-SU-2026:2819-1 Release Date: 2026-07-09T17:12:22Z Rating: moderate References: * bsc#1271029 * bsc#1271030 Cross-References: * CVE-2026-48588 * CVE-2026-53877 CVSS scores: * CVE-2026-48588 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-48588 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48588 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-48588 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-53877 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-53877 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-53877 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2026-48588: potential exposure of private data via cached `Set-Cookie` response (bsc#1271029). * CVE-2026-53877: information disclosure via 32-byte heap buffer overread in `GDALRaster` (bsc#1271030). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2819=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2819=1 ## Package List: * SUSE Package Hub 15 15-SP7 (noarch) * python311-Django-4.2.11-150600.3.62.1 * openSUSE Leap 15.6 (noarch) * python311-Django-4.2.11-150600.3.62.1 ## References: * https://www.suse.com/security/cve/CVE-2026-48588.html * https://www.suse.com/security/cve/CVE-2026-53877.html * https://bugzilla.suse.com/show_bug.cgi?id=1271029 * https://bugzilla.suse.com/show_bug.cgi?id=1271030 . This security update for python-Django addresses two critical issues including potential data exposure and information disclosure.. python django updates, opensuse security, data exposure fix, security patch. . Severity: moderate. LinuxSecurity.com Team
Several security issues were fixed in AMD Microcode.. ========================================================================== Ubuntu Security Notice USN-8475-1 June 25, 2026 amd64-microcode vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Several security issues were fixed in AMD Microcode. Software Description: - amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs Details: Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causing loss of confidentiality and integrity. (CVE-2025-62626) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 amd64-microcode 3.20251202.1ubuntu0.25.10.1 Ubuntu 24.04 LTS amd64-microcode 3.20251202.1ubuntu0.24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: For the most comprehensive protection, users should update their system BIOS/UEFI to the latest version provided by their hardware vendor. If the BIOS has not been updated, this microcode update will apply the latest available mitigations that can be delivered via the operating system. For more information, pleasesee: https://ubuntu.com/security/vulnerabilities/entrysign References: https://ubuntu.com/security/notices/USN-8475-1 CVE-2024-36350, CVE-2024-36357, CVE-2025-62626 Package Information: https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.24.04.1 . Update your Ubuntu systems to patch critical AMD Microcode vulnerabilities leading to data leaks and integrity issues.. Ubuntu Security Update, AMD Microcode, Confidentiality Loss. . Severity: Important. LinuxSecurity.com Team
Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f140cb16b6 2026-06-15 01:10:25.755889+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 43 Version : 5.2.15 Release : 1.fc43 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache- Control directives CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Michel Lind - 5.2.15-1 - Update to version 5.2.15; Resolves RHBZ#2484354 - Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization - CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header * Fri Jun 5 2026 Python Maint - 5.2.14-3 - Rebuilt for Python 3.15 * Thu Jun 4 2026 Python Maint - 5.2.14-2 - Bootstrap for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484354 - python-django5-5.2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484354 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f140cb16b6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e4146022ce 2026-06-15 00:48:35.285131+00:00 -------------------------------------------------------------------------------- Name : python-django5 Product : Fedora 44 Version : 5.2.15 Release : 1.fc44 URL : https://www.djangoproject.com/ Summary : A high-level Python Web framework Description : Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. -------------------------------------------------------------------------------- Update Information: Fixes five low-severity CVEs CVE-2026-6873: Signed cookie salt namespace collision CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend CVE-2026-8404: Potential exposure of private data via case-sensitive Cache- Control directives CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 5 2026 Michel Lind - 5.2.15-1 - Update to version 5.2.15; Resolves RHBZ#2484354 - Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization - CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header * Fri Jun 5 2026 Python Maint - 5.2.14-3 - Rebuilt for Python 3.15 * Thu Jun 4 2026 Python Maint - 5.2.14-2 - Bootstrap for Python 3.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2484354 - python-django5-5.2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2484354 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e4146022ce' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.. openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20937-1 Rating: important References: * bsc#1267576 * bsc#1267577 * bsc#1267578 * bsc#1267579 * bsc#1267580 Cross-References: * CVE-2026-35193 * CVE-2026-48587 * CVE-2026-6873 * CVE-2026-7666 * CVE-2026-8404 CVSS scores: * CVE-2026-35193 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-35193 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-48587 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-48587 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6873 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-7666 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-7666 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-8404 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed. Description: This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision (bsc#1267578) - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend (bsc#1267579) - CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives (bsc#1267580) - CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization (bsc#1267576) -CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header (bsc#1267577) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-305=1 Package List: - openSUSE Leap 16.0: python313-Django-5.2.4-bp160.9.1 References: * https://www.suse.com/security/cve/CVE-2026-35193.html * https://www.suse.com/security/cve/CVE-2026-48587.html * https://www.suse.com/security/cve/CVE-2026-6873.html * https://www.suse.com/security/cve/CVE-2026-7666.html * https://www.suse.com/security/cve/CVE-2026-8404.html . This update addresses five vulnerabilities in python-Django with important fixes for potential data exposure and email security.. openSUSE python-Django update important vulnerabilities data exposure. . Severity: Important. LinuxSecurity.com Team
update to 2026.4.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-111cf6d28f 2026-06-12 00:58:37.608012+00:00 -------------------------------------------------------------------------------- Name : vaultwarden-web Product : Fedora 44 Version : 2026.4.1 Release : 1.fc44 URL : https://github.com/dani-garcia/bw_web_builds Summary : Web vault for vaultwarden Description : Web vault for vaultwarden. -------------------------------------------------------------------------------- Update Information: update to 2026.4.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Jonathan Wright - 2026.4.1-1 - update to 2026.4.1 rhbz#2387335 - Fixes CVE-2026-27803 Unauthorized collection management operations due to improper access control - Fixes CVE-2026-27801 Two-factor authentication bypass allows unauthorized access and data deletion - Fixes CVE-2026-27802 Privilege Escalation via Unauthorized Bulk Permission Update - Fixes CVE-2026-27898 Information disclosure via API partial update -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-111cf6d28f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves five vulnerabilities can now be installed.. # Security update for python-Django Announcement ID: SUSE-SU-2026:2318-1 Release Date: 2026-06-09T13:22:05Z Rating: important References: * bsc#1267576 * bsc#1267577 * bsc#1267578 * bsc#1267579 * bsc#1267580 Cross-References: * CVE-2026-35193 * CVE-2026-48587 * CVE-2026-6873 * CVE-2026-7666 * CVE-2026-8404 CVSS scores: * CVE-2026-35193 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-35193 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-35193 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35193 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-48587 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-48587 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-48587 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-48587 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-48587 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-6873 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6873 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6873 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6873 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-7666 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-7666 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-7666 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-7666 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-8404 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8404 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-8404 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-8404 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8404 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues * CVE-2026-6873: signed cookie salt namespace collision in `django.http.HttpRequest.get_signed_cookie` (bsc#1267578). * CVE-2026-7666: potential unencrypted email transmission via `STARTTLS` in the SMTP backend (bsc#1267579). * CVE-2026-8404: potential exposure of private data via case-sensitive `Cache- Control` directives in `UpdateCacheMiddleware` (bsc#1267580). * CVE-2026-35193: potential exposure of private data via missing `Vary: Authorization` in `UpdateCacheMiddleware` (bsc#1267576). * CVE-2026-48587: potential exposure of private data via whitespace padding in `Vary` header (bsc#1267577). ## Patch Instructions: Toinstall this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2318=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2318=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-Django-4.2.11-150600.3.59.1 * SUSE Package Hub 15 15-SP7 (noarch) * python311-Django-4.2.11-150600.3.59.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35193.html * https://www.suse.com/security/cve/CVE-2026-48587.html * https://www.suse.com/security/cve/CVE-2026-6873.html * https://www.suse.com/security/cve/CVE-2026-7666.html * https://www.suse.com/security/cve/CVE-2026-8404.html * https://bugzilla.suse.com/show_bug.cgi?id=1267576 * https://bugzilla.suse.com/show_bug.cgi?id=1267577 * https://bugzilla.suse.com/show_bug.cgi?id=1267578 * https://bugzilla.suse.com/show_bug.cgi?id=1267579 * https://bugzilla.suse.com/show_bug.cgi?id=1267580 . A critical security update for python-Django addresses five important vulnerabilities in openSUSE systems.. openSUSE security update python-Django vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.