Описание
Security update for python312
This update for python312 fixes the following issues:
- CVE-2025-12084: quadratic complexity when building nested elements using
xml.dom.minidommethods that depend on_clear_id_cache()can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of
Content-Lengthby default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). - CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401).
Список пакетов
openSUSE Leap 15.6
libpython3_12-1_0-3.12.12-150600.3.40.1
libpython3_12-1_0-32bit-3.12.12-150600.3.40.1
python312-3.12.12-150600.3.40.1
python312-32bit-3.12.12-150600.3.40.1
python312-base-3.12.12-150600.3.40.1
python312-base-32bit-3.12.12-150600.3.40.1
python312-curses-3.12.12-150600.3.40.1
python312-dbm-3.12.12-150600.3.40.1
python312-devel-3.12.12-150600.3.40.1
python312-doc-3.12.12-150600.3.40.1
python312-doc-devhelp-3.12.12-150600.3.40.1
python312-idle-3.12.12-150600.3.40.1
python312-testsuite-3.12.12-150600.3.40.1
python312-tk-3.12.12-150600.3.40.1
python312-tools-3.12.12-150600.3.40.1
Ссылки
- Link for SUSE-SU-2026:0025-1
- E-Mail link for SUSE-SU-2026:0025-1
- SUSE Security Ratings
- SUSE Bug 1254400
- SUSE Bug 1254401
- SUSE Bug 1254997
- SUSE CVE CVE-2025-12084 page
- SUSE CVE CVE-2025-13836 page
- SUSE CVE CVE-2025-13837 page
Описание
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Затронутые продукты
openSUSE Leap 15.6:libpython3_12-1_0-3.12.12-150600.3.40.1
openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.12-150600.3.40.1
openSUSE Leap 15.6:python312-3.12.12-150600.3.40.1
openSUSE Leap 15.6:python312-32bit-3.12.12-150600.3.40.1
Ссылки
- CVE-2025-12084
- SUSE Bug 1254997
Описание
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Затронутые продукты
openSUSE Leap 15.6:libpython3_12-1_0-3.12.12-150600.3.40.1
openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.12-150600.3.40.1
openSUSE Leap 15.6:python312-3.12.12-150600.3.40.1
openSUSE Leap 15.6:python312-32bit-3.12.12-150600.3.40.1
Ссылки
- CVE-2025-13836
- SUSE Bug 1254400
Описание
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Затронутые продукты
openSUSE Leap 15.6:libpython3_12-1_0-3.12.12-150600.3.40.1
openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.12-150600.3.40.1
openSUSE Leap 15.6:python312-3.12.12-150600.3.40.1
openSUSE Leap 15.6:python312-32bit-3.12.12-150600.3.40.1
Ссылки
- CVE-2025-13837
- SUSE Bug 1254401