SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2577

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2577

Security update for python-Django

Type: security

Severity: important

Issued: 2024-07-22

Description:

This update for python-Django fixes the following issues:

- CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590)
- CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593)
- CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594)
- CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595)

References

CVE: CVE-2024-39614
CVE: CVE-2024-39330
CVE: CVE-2024-39329
CVE: CVE-2024-38875
Bugzilla: 1227595 VUL-0: CVE-2024-39614: python-Django: potential denial-of-service through django.utils.translation.get_supported_language_variant()
Bugzilla: 1227594 VUL-0: CVE-2024-39330: python-Django: potential directory traversal in django.core.files.storage.Storage.save()
Bugzilla: 1227593 VUL-0: CVE-2024-39329: python-Django: username enumeration through timing difference for users with unusable passwords
Bugzilla: 1227590 VUL-0: CVE-2024-38875: python-Django: potential denial-of-service through django.utils.html.urlize()

Packages

python-Django-4.2.11-150600.3.3.1