Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4258-1

Опубликовано: 26 нояб. 2025
Источник: suse-cvrf

Описание

Security update for python312

This update for python312 fixes the following issues:

Update to 3.12.12:

  • CVE-2025-6075: Fixed quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974)
  • CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305)

Other fixes:

  • Fix readline history truncation when length is reduced

Список пакетов

SUSE Linux Enterprise Module for Python 3 15 SP6
libpython3_12-1_0-3.12.12-150600.3.37.1
python312-3.12.12-150600.3.37.1
python312-base-3.12.12-150600.3.37.1
python312-curses-3.12.12-150600.3.37.1
python312-dbm-3.12.12-150600.3.37.1
python312-devel-3.12.12-150600.3.37.1
python312-idle-3.12.12-150600.3.37.1
python312-tk-3.12.12-150600.3.37.1
python312-tools-3.12.12-150600.3.37.1
openSUSE Leap 15.6
libpython3_12-1_0-3.12.12-150600.3.37.1
libpython3_12-1_0-32bit-3.12.12-150600.3.37.1
python312-3.12.12-150600.3.37.1
python312-32bit-3.12.12-150600.3.37.1
python312-base-3.12.12-150600.3.37.1
python312-base-32bit-3.12.12-150600.3.37.1
python312-curses-3.12.12-150600.3.37.1
python312-dbm-3.12.12-150600.3.37.1
python312-devel-3.12.12-150600.3.37.1
python312-doc-3.12.12-150600.3.37.1
python312-doc-devhelp-3.12.12-150600.3.37.1
python312-idle-3.12.12-150600.3.37.1
python312-testsuite-3.12.12-150600.3.37.1
python312-tk-3.12.12-150600.3.37.1
python312-tools-3.12.12-150600.3.37.1

Ссылки

Описание

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Затронутые продукты
SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.12-150600.3.37.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.12-150600.3.37.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.12-150600.3.37.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.12-150600.3.37.1
Ссылки

Описание

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.

Затронутые продукты
SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.12-150600.3.37.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.12-150600.3.37.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.12-150600.3.37.1
SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.12-150600.3.37.1
Ссылки