Issued:: 2024-11-13
Updated:: 2024-11-13

RHSA-2024:9481 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat OpenStack Platform 18.0.3 (python-django) security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-django is now available for Red Hat OpenStack Platform
18.0.3 (Feature Release 1) (Antelope).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

Potential denial-of-service in django.utils.html.urlize()

(CVE-2024-38875)

Potential denial-of-service in

django.utils.translation.get_supported_language_variant() (CVE-2024-39614)

Username enumeration through timing difference for users with unusable

passwords (CVE-2024-39329)

Potential directory-traversal in django.core.files.storage.Storage.save()

(CVE-2024-39330)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update as a new RHOSO 18.0 deployment, see
“Deploying Red Hat OpenStack Services on OpenShift” at
https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/deploying_red_hat_openstack_services_on_openshift/index

For details on how to apply this update to an existing RHOSO 18.0 deployment, see "Updating your environment to the latest maintenance release" at
https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/updating_your_environment_to_the_latest_maintenance_release/index

Affected Products

Red Hat OpenStack Services on OpenShift 18.0 x86_64

Fixes

BZ - 2295935 - CVE-2024-38875 python-django: Potential denial-of-service in django.utils.html.urlize()
BZ - 2295936 - CVE-2024-39329 python-django: Username enumeration through timing difference for users with unusable passwords
BZ - 2295937 - CVE-2024-39330 python-django: Potential directory-traversal in django.core.files.storage.Storage.save()
BZ - 2295938 - CVE-2024-39614 python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack Services on OpenShift 18.0

SRPM
python-django-3.2.12-8.el9ost.src.rpm	SHA-256: 5c9980a82ecc416671ffab72984490fc819590fde3ca800a8255513634e74fd7
x86_64
python3-django-3.2.12-8.el9ost.noarch.rpm	SHA-256: 5568951f2dbd3d418bdd58336fa1f51264148278ad468d552d185fe5bc4d43b3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation