Описание
Security update for python39
This update for python39 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Список пакетов
Container containers/python:3.9
libpython3_9-1_0-3.9.21-150300.4.64.1
python39-3.9.21-150300.4.64.1
python39-base-3.9.21-150300.4.64.1
python39-devel-3.9.21-150300.4.64.1
Image python_15_6
libpython3_9-1_0-3.9.21-150300.4.64.1
python39-3.9.21-150300.4.64.1
python39-base-3.9.21-150300.4.64.1
python39-devel-3.9.21-150300.4.64.1
openSUSE Leap 15.6
libpython3_9-1_0-3.9.21-150300.4.64.1
libpython3_9-1_0-32bit-3.9.21-150300.4.64.1
python39-3.9.21-150300.4.64.1
python39-32bit-3.9.21-150300.4.64.1
python39-base-3.9.21-150300.4.64.1
python39-base-32bit-3.9.21-150300.4.64.1
python39-curses-3.9.21-150300.4.64.1
python39-dbm-3.9.21-150300.4.64.1
python39-devel-3.9.21-150300.4.64.1
python39-doc-3.9.21-150300.4.64.1
python39-doc-devhelp-3.9.21-150300.4.64.1
python39-idle-3.9.21-150300.4.64.1
python39-testsuite-3.9.21-150300.4.64.1
python39-tk-3.9.21-150300.4.64.1
python39-tools-3.9.21-150300.4.64.1
Ссылки
- Link for SUSE-SU-2025:0386-1
- E-Mail link for SUSE-SU-2025:0386-1
- SUSE Security Ratings
- SUSE Bug 1236705
- SUSE CVE CVE-2025-0938 page
Описание
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Затронутые продукты
Container containers/python:3.9:libpython3_9-1_0-3.9.21-150300.4.64.1
Container containers/python:3.9:python39-3.9.21-150300.4.64.1
Container containers/python:3.9:python39-base-3.9.21-150300.4.64.1
Container containers/python:3.9:python39-devel-3.9.21-150300.4.64.1
Ссылки
- CVE-2025-0938
- SUSE Bug 1236705