SUSE Package Hub - openSUSE-2024-251

Update Info

openSUSE-2024-251

Security update for python-Django

Type: security

Severity: important

Issued: 2024-08-18

Description:

This update for python-Django fixes the following issues:

- CVE-2023-23969: Potential denial-of-service via Accept-Language headers (boo#1207565)
- CVE-2024-38875: Potential denial-of-service attack via certain inputs with a very large number of brackets (boo#1227590)
- CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (boo#1227593)
- CVE-2024-39330: Potential directory traversal in django.core.files.storage.Storage.save() (boo#1227594)
- CVE-2024-39614: Potential denial-of-service through django.utils.translation.get_supported_language-variant()  (boo#1227595)

References

CVE: CVE-2024-39614
CVE: CVE-2024-39330
CVE: CVE-2024-39329
CVE: CVE-2024-38875
CVE: CVE-2023-23969
Bugzilla: 1227595 VUL-0: CVE-2024-39614: python-Django: potential denial-of-service through django.utils.translation.get_supported_language_variant()
Bugzilla: 1227594 VUL-0: CVE-2024-39330: python-Django: potential directory traversal in django.core.files.storage.Storage.save()
Bugzilla: 1227593 VUL-0: CVE-2024-39329: python-Django: username enumeration through timing difference for users with unusable passwords
Bugzilla: 1227590 VUL-0: CVE-2024-38875: python-Django: potential denial-of-service through django.utils.html.urlize()
Bugzilla: 1207565 VUL-0: CVE-2023-23969: python-Django: potential denial-of-service via Accept-Language headers

Packages

python-Django-2.2.28-bp155.7.12.1