RLSA-2026:0123

Опубликовано: 07 янв. 2026

Источник: rocky

Оценка: Moderate

Описание

Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291)
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (CVE-2025-12084)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Связанные CVE

CVE-2025-12084

CVE-2025-8291

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2402342
Red Hat - 2402342
https://bugzilla.redhat.com/show_bug.cgi?id=2418655
Red Hat - 2418655

Связанные уязвимости

ELSA-2026-0123

oracle-oval

около 1 месяца назад

ELSA-2026-0123: python3.12 security update (MODERATE)

SUSE-SU-2026:0133-1

suse-cvrf

23 дня назад

Security update for python

openSUSE-SU-2026:20081-1

suse-cvrf

17 дней назад

Security update for python313

CVE-2025-12084

CVSS3: 5.3

ubuntu

2 месяца назад

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

CVE-2025-12084

CVSS3: 5.3

nvd

2 месяца назад