Fedora 42 : mingw-python3 (2025-2e992ddfa0)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2e992ddfa0 advisory. Backport fix for CVE-2025-8194. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Fedora: Security Advisory (FEDORA-2025-64abf2ff21)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 41 : mingw-python3 (2025-64abf2ff21)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-64abf2ff21 advisory. Backport fix for CVE-2025-8194. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

BIT-LIBPYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

BIT-LIBPYTHON-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

BIT-LIBPYTHON-2022-48560

A use-after-free exists in Python through 3.9 via heappushpop in heapq...

BIT-LIBPYTHON-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...

python3.11-setuptools security update

65.5.1-4 - Security fix for CVE-2025-47273 Resolves: RHEL-101113...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1733)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1764)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2025:02597-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705...

AZL-65984 CVE-2025-8194 affecting package python3 for versions less than 3.9.19-15

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CLSA-2025-1753209568 python3: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

CLSA-2025-1753208636 python3.9: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

CLSA-2025-1752748693 python3.11: Fix of 5 CVEs

CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...

CLSA-2025-1751145522 python3.11: Fix of CVE-2024-0397

CVE-2024-0397: fix memory race condition in ssl.SSLContext methods certstorestats and getcacerts...

Important: python3.9

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

Security update for python3

This update for python3 fixes the following issues: CVE-2025-4516: CPython DecodeError Handling Vulnerability bsc1243273 Other fixes: - Add python36- provides/obsoletes to enable SLE-12 - SLE-15 migration bsc1233012 - Update vendored ipaddress module to 3.8 equivalent - Limit buffer size for...

SUSE-SU-2025:02038-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-4516: CPython DecodeError Handling Vulnerability bsc1243273 Other fixes: - Add python36- provides/obsoletes to enable SLE-12 - SLE-15 migration bsc1233012 - Update vendored ipaddress module to 3.8 equivalent - Limit buffer size for IP...

AZL-64173 CVE-2025-6069 affecting package python3 for versions less than 3.9.19-14

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...