183 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1136)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1136 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error,...

CVSS 7.5 | AI score 6.8 | EPSS 0.01007
Exploits 0 | References 4

OSV
added 2025/08/11 1:52 p.m. | 2 views

BIT-LIBPYTHON-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

CVSS 7.5 | AI score 8.8 | EPSS 0.00334
Exploits 0 | References 7

Oracle Linux
added 2025/08/11 12:0 a.m. | 5 views

python3.11-setuptools security update

65.5.1-4 - Security fix for CVE-2025-47273 Resolves: RHEL-101113...

CVSS 8.8 | AI score 7.4 | EPSS 0.0012
Exploits 4

OSV
added 2025/07/17 10:38 a.m. | 2 views

CLSA-2025-1752748693 python3.11: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

CVSS 9.4 | AI score 6.7 | EPSS 0.01012
Exploits 14 | References 1

OSV
added 2025/06/28 9:18 p.m. | 3 views

CLSA-2025-1751145522 python3.11: Fix of CVE-2024-0397

CVE-2024-0397: fix memory race condition in ssl.SSLContext methods certstorestats and getcacerts...

CVSS 7.4 | AI score 6.8 | EPSS 0.00395
Exploits 0 | References 1

OSV
added 2025/04/14 9:37 a.m. | 3 views

CLSA-2025-1744623473 python3.11: Fix of CVE-2024-7592

CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

CVSS 7.5 | AI score 6.7 | EPSS 0.00883
Exploits 1 | References 1

SUSE Linux
added 2025/03/21 2:17 p.m. | 5 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers bsc1238450. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 3.1 | AI score 4.3 | EPSS 0.00753
Exploits 0 | References 6

Amazon
added 2025/03/06 12:0 a.m. | 3 views

Medium: python3.11

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...

CVSS 7.8 | AI score 7.7 | EPSS 0.01639
Exploits 0

OSV
added 2025/02/25 10:3 a.m. | 5 views

CLSA-2025-1740477793 python3.11: Fix of CVE-2024-6232

CVE-2024-6232: fix excessive backtracking in tarfile.TarFile header parsing to address ReDoS vulnerability...

CVSS 7.5 | AI score 6.8 | EPSS 0.03014
Exploits 2 | References 1

SUSE Linux
added 2025/02/14 3:10 p.m. | 0 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Other fixes: Update to version 3.11.11. Remove -IVendor/ from python-config. bsc1231795 Patch Instructions: To install this SUSE...

CVSS 6.3 | AI score 7.7 | EPSS 0.01639
Exploits 0 | References 8

Amazon
added 2025/02/05 12:0 a.m. | 5 views

Medium: python3.11

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8 | AI score 8.1 | EPSS 0.89361
Exploits 5

Amazon
added 2024/12/12 12:0 a.m. | 2 views

Medium: python3.11

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

CVSS 8.7 | AI score 6.9 | EPSS 0.00395
Exploits 1

SUSE Linux
added 2024/11/18 1:29 p.m. | 3 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.09875
Exploits 3 | References 62

SUSE Linux
added 2024/11/18 1:29 p.m. | 3 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.09875
Exploits 3 | References 62

SUSE Linux
added 2024/11/18 1:25 p.m. | 5 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.7 | EPSS 0.09875
Exploits 3 | References 66

SUSE Linux
added 2024/11/18 1:25 p.m. | 2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.09875
Exploits 3 | References 66

Amazon
added 2024/11/14 12:0 a.m. | 2 views

Important: python3.11

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...

CVSS 7.5 | AI score 6.9 | EPSS 0.03014
Exploits 2

SUSE Linux
added 2024/11/08 3:25 p.m. | 0 views

Security update for python311

This update for python311 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 6.5 | AI score 7.5 | EPSS 0.00061
Exploits 0 | References 6

GithubExploit
added 2024/10/26 1:1 a.m. | 137 views

Exploit for CVE-2024-39205

CVE-2024-39205-Pyload-RCE Pyload RCE with js2py sandbox escape...

CVSS 9.8 | AI score 6.8 | EPSS 0.83924
Exploits 22

OSV
added 2024/09/20 2:47 p.m. | 2 views

SUSE-RU-2024:1829-2 Recommended update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-aigen, python-aliyun-python-sdk-aimiaobi, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-airticketopen, python-aliyun-python-sdk-alb, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alikafka, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amptest, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-antiddos-public, python-aliyun-python-sdk-apds

This update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification,...

CVSS 5.9 | AI score 6.6 | EPSS 0.00074
Exploits 0 | References 4