Описание
Security update for python36
This update for python36 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Список пакетов
Image SLES12-SP5-EC2-BYOS
libpython3_6m1_0-3.6.15-76.1
python36-base-3.6.15-76.1
Image SLES12-SP5-EC2-On-Demand
libpython3_6m1_0-3.6.15-76.1
python36-base-3.6.15-76.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_6m1_0-3.6.15-76.1
python36-base-3.6.15-76.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_6m1_0-3.6.15-76.1
python36-base-3.6.15-76.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.15-76.1
python36-base-3.6.15-76.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.15-76.1
python36-base-3.6.15-76.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libpython3_6m1_0-3.6.15-76.1
libpython3_6m1_0-32bit-3.6.15-76.1
python36-3.6.15-76.1
python36-base-3.6.15-76.1
python36-devel-3.6.15-76.1
Ссылки
- Link for SUSE-SU-2025:0434-1
- E-Mail link for SUSE-SU-2025:0434-1
- SUSE Security Ratings
- SUSE Bug 1236705
- SUSE CVE CVE-2025-0938 page
Описание
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Затронутые продукты
Image SLES12-SP5-EC2-BYOS:libpython3_6m1_0-3.6.15-76.1
Image SLES12-SP5-EC2-BYOS:python36-base-3.6.15-76.1
Image SLES12-SP5-EC2-On-Demand:libpython3_6m1_0-3.6.15-76.1
Image SLES12-SP5-EC2-On-Demand:python36-base-3.6.15-76.1
Ссылки
- CVE-2025-0938
- SUSE Bug 1236705