SUSE-SU-2026:0226-1

Опубликовано: 22 янв. 2026

Источник: suse-cvrf

Описание

Security update for python-marshmallow

This update for python-marshmallow fixes the following issues:

CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473).

Список пакетов

Image SLES15-SP6

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-Azure-3P

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-BYOS

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-BYOS-Azure

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-SAP-Azure-3P

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-Azure-3P

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-Azure-Basic

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-Azure-Standard

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-BYOS-Azure

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-HPC-Azure

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-Hardened-BYOS-Azure

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-SAP-Azure

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-SAP-Azure-3P

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-SAP-Hardened-Azure

python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP7-SAPCAL-Azure

python311-marshmallow-3.20.2-150400.9.10.1

SUSE Linux Enterprise Module for Public Cloud 15 SP4

python311-marshmallow-3.20.2-150400.9.10.1

SUSE Linux Enterprise Module for Public Cloud 15 SP5

python311-marshmallow-3.20.2-150400.9.10.1

SUSE Linux Enterprise Module for Public Cloud 15 SP6

python311-marshmallow-3.20.2-150400.9.10.1

SUSE Linux Enterprise Module for Public Cloud 15 SP7

python311-marshmallow-3.20.2-150400.9.10.1

openSUSE Leap 15.6

python311-marshmallow-3.20.2-150400.9.10.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260226-1/
Link for SUSE-SU-2026:0226-1
https://lists.suse.com/pipermail/sle-security-updates/2026-January/023858.html
E-Mail link for SUSE-SU-2026:0226-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1255473
SUSE Bug 1255473
https://www.suse.com/security/cve/CVE-2025-68480/
SUSE CVE CVE-2025-68480 page

Описание

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.

Затронутые продукты

Image SLES15-SP6-Azure-3P:python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-BYOS-Azure:python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-BYOS:python311-marshmallow-3.20.2-150400.9.10.1

Image SLES15-SP6-SAP-Azure-3P:python311-marshmallow-3.20.2-150400.9.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-68480.html
CVE-2025-68480
https://bugzilla.suse.com/1255473
SUSE Bug 1255473

SUSE-SU-2026:0226-1

Описание

Список пакетов

Image SLES15-SP6

Image SLES15-SP6-Azure-3P

Image SLES15-SP6-BYOS

Image SLES15-SP6-BYOS-Azure

Image SLES15-SP6-SAP-Azure-3P

Image SLES15-SP7-Azure-3P

Image SLES15-SP7-Azure-Basic

Image SLES15-SP7-Azure-Standard

Image SLES15-SP7-BYOS-Azure

Image SLES15-SP7-HPC-Azure

Image SLES15-SP7-Hardened-BYOS-Azure

Image SLES15-SP7-SAP-Azure

Image SLES15-SP7-SAP-Azure-3P

Image SLES15-SP7-SAP-Hardened-Azure

Image SLES15-SP7-SAPCAL-Azure

SUSE Linux Enterprise Module for Public Cloud 15 SP4

SUSE Linux Enterprise Module for Public Cloud 15 SP5

SUSE Linux Enterprise Module for Public Cloud 15 SP6

SUSE Linux Enterprise Module for Public Cloud 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-68480

Описание

Затронутые продукты

Ссылки