openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:2545-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.856322

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (SUSE-SU-2024:2545-1)

Zusammenfassung: The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2545-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2545-1 advisory.

Vulnerability Insight:
This update for python-Django fixes the following issues:

- CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590)
- CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593)
- CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594)
- CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595)
- CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (bsc#1207565)

Affected Software/OS:
'python-Django' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-23969
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
https://docs.djangoproject.com/en/4.1/releases/security/
https://groups.google.com/forum/#!forum/django-announce
https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-38875
Common Vulnerability Exposure (CVE) ID: CVE-2024-39329
Common Vulnerability Exposure (CVE) ID: CVE-2024-39330
Common Vulnerability Exposure (CVE) ID: CVE-2024-39614

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.856322
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2024:2545-1)
Zusammenfassung:	The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2545-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-Django' package(s) announced via the SUSE-SU-2024:2545-1 advisory. Vulnerability Insight: This update for python-Django fixes the following issues: - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590) - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593) - CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594) - CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595) - CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (bsc#1207565) Affected Software/OS: 'python-Django' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-23969 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/ https://docs.djangoproject.com/en/4.1/releases/security/ https://groups.google.com/forum/#!forum/django-announce https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2024-38875 Common Vulnerability Exposure (CVE) ID: CVE-2024-39329 Common Vulnerability Exposure (CVE) ID: CVE-2024-39330 Common Vulnerability Exposure (CVE) ID: CVE-2024-39614
Copyright	Copyright (C) 2024 Greenbone AG