SUSE-SU-2026:0846-1

Опубликовано: 06 мар. 2026

Источник: suse-cvrf

Описание

Security update for python-Markdown

This update for python-Markdown fixes the following issue:

CVE-2025-69534: incomplete markup declaration in raw HTML can crash applications that process untrusted Markdown (bsc#1259256).

Список пакетов

openSUSE Leap 15.6

python311-Markdown-3.5.2-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260846-1/
Link for SUSE-SU-2026:0846-1
https://lists.suse.com/pipermail/sle-security-updates/2026-March/024660.html
E-Mail link for SUSE-SU-2026:0846-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1259256
SUSE Bug 1259256
https://www.suse.com/security/cve/CVE-2025-69534/
SUSE CVE CVE-2025-69534 page

Описание

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.

Затронутые продукты

openSUSE Leap 15.6:python311-Markdown-3.5.2-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-69534.html
CVE-2025-69534
https://bugzilla.suse.com/1259256
SUSE Bug 1259256

SUSE-SU-2026:0846-1

Описание

Список пакетов

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-69534

Описание

Затронутые продукты

Ссылки