openSUSE-SU-2026:20087-1

Опубликовано: 22 янв. 2026

Источник: suse-cvrf

Описание

Security update for python-marshmallow

This update for python-marshmallow fixes the following issues:

CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473).

Список пакетов

openSUSE Leap 16.0

python-marshmallow-doc-3.20.2-160000.3.1

python313-marshmallow-3.20.2-160000.3.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1255473
SUSE Bug 1255473
https://www.suse.com/security/cve/CVE-2025-68480/
SUSE CVE CVE-2025-68480 page

Описание

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.

Затронутые продукты

openSUSE Leap 16.0:python-marshmallow-doc-3.20.2-160000.3.1

openSUSE Leap 16.0:python313-marshmallow-3.20.2-160000.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-68480.html
CVE-2025-68480
https://bugzilla.suse.com/1255473
SUSE Bug 1255473

openSUSE-SU-2026:20087-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2025-68480

Описание

Затронутые продукты

Ссылки