Описание
Security update for python
This update for python fixes the following issues:
- CVE-2025-13836: Fixed reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400)
- CVE-2025-12084: Fixed Denial of Service due to quadratic algorithm in xml.dom.minidom (bsc#1254997).
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP7
libpython2_7-1_0-2.7.18-150000.94.1
python-2.7.18-150000.94.1
python-base-2.7.18-150000.94.1
python-curses-2.7.18-150000.94.1
python-gdbm-2.7.18-150000.94.1
python-xml-2.7.18-150000.94.1
openSUSE Leap 15.6
libpython2_7-1_0-2.7.18-150000.94.1
libpython2_7-1_0-32bit-2.7.18-150000.94.1
python-2.7.18-150000.94.1
python-32bit-2.7.18-150000.94.1
python-base-2.7.18-150000.94.1
python-base-32bit-2.7.18-150000.94.1
python-curses-2.7.18-150000.94.1
python-demo-2.7.18-150000.94.1
python-devel-2.7.18-150000.94.1
python-doc-2.7.18-150000.94.1
python-doc-pdf-2.7.18-150000.94.1
python-gdbm-2.7.18-150000.94.1
python-idle-2.7.18-150000.94.1
python-tk-2.7.18-150000.94.1
python-xml-2.7.18-150000.94.1
Ссылки
- Link for SUSE-SU-2026:0268-1
- E-Mail link for SUSE-SU-2026:0268-1
- SUSE Security Ratings
- SUSE Bug 1254400
- SUSE Bug 1254997
- SUSE CVE CVE-2025-12084 page
- SUSE CVE CVE-2025-13836 page
- SUSE CVE CVE-2025-6075 page
Описание
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.94.1
Ссылки
- CVE-2025-12084
- SUSE Bug 1254997
Описание
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.94.1
Ссылки
- CVE-2025-13836
- SUSE Bug 1254400
Описание
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.94.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.94.1
Ссылки
- CVE-2025-6075
- SUSE Bug 1252974