Описание
Security update for python310
This update for python310 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Список пакетов
openSUSE Leap 15.6
libpython3_10-1_0-3.10.16-150400.4.69.1
libpython3_10-1_0-32bit-3.10.16-150400.4.69.1
python310-3.10.16-150400.4.69.1
python310-32bit-3.10.16-150400.4.69.1
python310-base-3.10.16-150400.4.69.1
python310-base-32bit-3.10.16-150400.4.69.1
python310-curses-3.10.16-150400.4.69.1
python310-dbm-3.10.16-150400.4.69.1
python310-devel-3.10.16-150400.4.69.1
python310-doc-3.10.16-150400.4.69.1
python310-doc-devhelp-3.10.16-150400.4.69.1
python310-idle-3.10.16-150400.4.69.1
python310-testsuite-3.10.16-150400.4.69.1
python310-tk-3.10.16-150400.4.69.1
python310-tools-3.10.16-150400.4.69.1
Ссылки
- Link for SUSE-SU-2025:0406-1
- E-Mail link for SUSE-SU-2025:0406-1
- SUSE Security Ratings
- SUSE Bug 1236705
- SUSE CVE CVE-2025-0938 page
Описание
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Затронутые продукты
openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1
openSUSE Leap 15.6:libpython3_10-1_0-32bit-3.10.16-150400.4.69.1
openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1
openSUSE Leap 15.6:python310-32bit-3.10.16-150400.4.69.1
Ссылки
- CVE-2025-0938
- SUSE Bug 1236705