Security update for python-Django SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0062-1 Final 1 1 2023-02-28T15:43:17Z current 2023-02-28T15:43:17Z 2023-02-28T15:43:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Django python-Django was updated to fix a security issues: - CVE-2023-24580: prevent DOS in file uploads (bsc#1208082) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-62 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IX7ZJWZJPRJ2P2GOWJ4MFYVZQU4QXSSE/ E-Mail link for openSUSE-SU-2023:0062-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-24580/ SUSE CVE CVE-2023-24580 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 python3-Django-2.2.28-bp154.2.9.1 python3-Django-2.2.28-bp154.2.9.1 as a component of SUSE Package Hub 15 SP4 python3-Django-2.2.28-bp154.2.9.1 as a component of openSUSE Leap 15.4 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.9.1 openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IX7ZJWZJPRJ2P2GOWJ4MFYVZQU4QXSSE/ https://www.suse.com/security/cve/CVE-2023-24580.html CVE-2023-24580 https://bugzilla.suse.com/1208082 SUSE Bug 1208082