Security update for python313

This update for python313 fixes the following issues: CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets bsc1247249. CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. CVE-2025-4435:...

Medium: python3.9

Issue Overview: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.9 Issue Correction: Run dnf update python3.9 --releasever...

Medium: python3.11

Issue Overview: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever...

SUSE-SU-2025:02597-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...

Medium: python3

Issue Overview: There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the...

Medium: python3.12

Issue Overview: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python3.12 Issue Correction: Run dnf update python3.12 --releasever...

Medium: python

Issue Overview: The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

AZL-64173 CVE-2025-6069 affecting package python3 for versions less than 3.9.19-14

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

UBUNTU-CVE-2025-6069

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVE-2025-6069 HTMLParser quadratic complexity when processing malformed inputs

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

CVE-2025-6069

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the html.parser.HTMLParser process that has worse-case quadratic complexity. An attacker can cause excessive resource consumption and application downtime by submitting specially crafted...

CVE-2022-31743

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...

Cross-site Scripting (XSS)

lxmlhtmlclean is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of context-switching for special HTML tags such as , , and by the HTML parser in versions prior to 0.4.0, allowing malicious scripts to bypass the cleaning process...

CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

Impact The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxmlhtmlclean but may be interpreted differently by web...