| Type: | BUG |
| Impact: | NA |
| Release Date: | 2026-03-01 |
[4.2.28-1]
- Update to version 4.2.28
- Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
- Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
- Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
- Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
- Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
- Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (x86_64) | python-django4.2-4.2.28-1.el9.src.rpm | a2c0915b771a6e2bc8bcb1fb1cf929fb6bad444df74b29309b1b9b2dc7b66dda | - | ol9_x86_64_developer_EPEL |
| | python-django4.2-bash-completion-4.2.28-1.el9.noarch.rpm | 75a7235d151408dd3cbc0b004ff735d35015f996d5968ad834c25887d4ebc34c | - | ol9_x86_64_developer_EPEL |
| | python3-django4.2-4.2.28-1.el9.noarch.rpm | 289fa8eed00b86cf47bfda7ccc79b4d5034712c0c3a466d9a82132b129b70197 | - | ol9_x86_64_developer_EPEL |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.