Описание
Security update for python-future
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
Список пакетов
SUSE Enterprise Storage 7.1
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.1
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.2
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.3
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.4
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Micro 5.5
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Server 15 SP5-LTSS
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
python3-future-0.18.2-150300.3.6.1
SUSE Manager Proxy LTS 4.3
python3-future-0.18.2-150300.3.6.1
SUSE Manager Server LTS 4.3
python3-future-0.18.2-150300.3.6.1
Ссылки
- Link for SUSE-SU-2025:03049-1
- E-Mail link for SUSE-SU-2025:03049-1
- SUSE Security Ratings
- SUSE Bug 1248124
- SUSE CVE CVE-2025-50817 page
Описание
A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.
Затронутые продукты
SUSE Enterprise Storage 7.1:python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-future-0.18.2-150300.3.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-future-0.18.2-150300.3.6.1
Ссылки
- CVE-2025-50817
- SUSE Bug 1248124