Security update for python-Django SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0704-1 Final 1 1 2023-03-10T11:43:07Z current 2023-03-10T11:43:07Z 2023-03-10T11:43:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Django This update for python-Django fixes the following issues: - CVE-2023-24580: Fixed DOS in file uploads (bsc#1208082). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2023-704,SUSE-2023-704,SUSE-OpenStack-Cloud-8-2023-704,SUSE-OpenStack-Cloud-Crowbar-8-2023-704 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230704-1/ Link for SUSE-SU-2023:0704-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/014016.html E-Mail link for SUSE-SU-2023:0704-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208082 SUSE Bug 1208082 https://www.suse.com/security/cve/CVE-2023-24580/ SUSE CVE CVE-2023-24580 page HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 python-Django-1.11.29-3.45.1 python3-Django-1.11.29-3.45.1 python-Django-1.11.29-3.45.1 as a component of HPE Helion OpenStack 8 python-Django-1.11.29-3.45.1 as a component of SUSE OpenStack Cloud 8 python-Django-1.11.29-3.45.1 as a component of SUSE OpenStack Cloud Crowbar 8 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 HPE Helion OpenStack 8:python-Django-1.11.29-3.45.1 SUSE OpenStack Cloud 8:python-Django-1.11.29-3.45.1 SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.45.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230704-1/ https://www.suse.com/security/cve/CVE-2023-24580.html CVE-2023-24580 https://bugzilla.suse.com/1208082 SUSE Bug 1208082