RHSA-2022:5738 - Security Advisory

Topic

A security fix for a CVE in the Django library is now available.

Description

Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.

Security Fix:

• Django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments (CVE-2022-34265)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Users of RHUI are advised to upgrade to this updated package that fixes
this bug.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

RHUI services must be restarted for this update to take effect. To restart them, run the following command on the RHUA node as root:

# rhui-services-restart

For other information, consult the product documentation at:
https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4

Affected Products

• Red Hat Update Infrastructure 4 x86_64

Fixes

• BZ - 2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments

CVEs

• CVE-2022-34265

References

• https://access.redhat.com/security/updates/classification/#important