Updated python-django packages fix security vulnerabilities
Publication date: 11 Apr 2026Modification date: 11 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-3902 , CVE-2026-4277 , CVE-2026-4292 , CVE-2026-33033 , CVE-2026-33034
Description
ASGI header spoofing via underscore/hyphen conflation. (CVE-2026-3902)
Privilege abuse in ``GenericInlineModelAdmin``. (CVE-2026-4277)
Privilege abuse in ``ModelAdmin.list_editable``. (CVE-2026-4292)
Potential denial-of-service vulnerability in ``MultiPartParser`` via
base64-encoded file upload. (CVE-2026-33033)
Potential denial-of-service vulnerability in ASGI requests via memory
upload limit bypass. (CVE-2026-33034)
References
- https://bugs.mageia.org/show_bug.cgi?id=35330
- https://www.openwall.com/lists/oss-security/2026/04/07/10
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4277
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4292
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33034
SRPMS
9/core
- python-django-4.1.13-1.12.mga9