Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
Список пакетов
Container bci/python:3
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
python3-devel-3.6.15-150300.10.103.1
Container bci/spack:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/389-ds:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/kea:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/kiosk/pulseaudio:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/manager/4.3/proxy-httpd:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/manager/4.3/proxy-salt-broker:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/manager/4.3/proxy-ssh:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/manager/4.3/proxy-tftpd:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/mariadb:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/samba-client:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/samba-server:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/samba-toolbox:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/sle-micro-rancher/5.2:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
Container suse/sle-micro/5.2/toolbox:latest
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
SUSE Linux Enterprise Micro 5.2
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
SUSE Linux Enterprise Micro 5.3
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
SUSE Linux Enterprise Micro 5.4
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
SUSE Linux Enterprise Micro 5.5
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libpython3_6m1_0-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
python3-curses-3.6.15-150300.10.103.1
python3-dbm-3.6.15-150300.10.103.1
python3-devel-3.6.15-150300.10.103.1
python3-idle-3.6.15-150300.10.103.1
python3-tk-3.6.15-150300.10.103.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
python3-tools-3.6.15-150300.10.103.1
openSUSE Leap 15.6
libpython3_6m1_0-3.6.15-150300.10.103.1
libpython3_6m1_0-32bit-3.6.15-150300.10.103.1
python3-3.6.15-150300.10.103.1
python3-base-3.6.15-150300.10.103.1
python3-curses-3.6.15-150300.10.103.1
python3-dbm-3.6.15-150300.10.103.1
python3-devel-3.6.15-150300.10.103.1
python3-doc-3.6.15-150300.10.103.1
python3-doc-devhelp-3.6.15-150300.10.103.1
python3-idle-3.6.15-150300.10.103.1
python3-testsuite-3.6.15-150300.10.103.1
python3-tk-3.6.15-150300.10.103.1
python3-tools-3.6.15-150300.10.103.1
Ссылки
- Link for SUSE-SU-2026:0027-1
- E-Mail link for SUSE-SU-2026:0027-1
- SUSE Security Ratings
- SUSE Bug 1254400
- SUSE Bug 1254401
- SUSE Bug 1254997
- SUSE CVE CVE-2025-12084 page
- SUSE CVE CVE-2025-13836 page
- SUSE CVE CVE-2025-13837 page
Описание
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Затронутые продукты
Container bci/python:3:libpython3_6m1_0-3.6.15-150300.10.103.1
Container bci/python:3:python3-3.6.15-150300.10.103.1
Container bci/python:3:python3-base-3.6.15-150300.10.103.1
Container bci/python:3:python3-devel-3.6.15-150300.10.103.1
Ссылки
- CVE-2025-12084
- SUSE Bug 1254997
Описание
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Затронутые продукты
Container bci/python:3:libpython3_6m1_0-3.6.15-150300.10.103.1
Container bci/python:3:python3-3.6.15-150300.10.103.1
Container bci/python:3:python3-base-3.6.15-150300.10.103.1
Container bci/python:3:python3-devel-3.6.15-150300.10.103.1
Ссылки
- CVE-2025-13836
- SUSE Bug 1254400
Описание
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
Затронутые продукты
Container bci/python:3:libpython3_6m1_0-3.6.15-150300.10.103.1
Container bci/python:3:python3-3.6.15-150300.10.103.1
Container bci/python:3:python3-base-3.6.15-150300.10.103.1
Container bci/python:3:python3-devel-3.6.15-150300.10.103.1
Ссылки
- CVE-2025-13837
- SUSE Bug 1254401