USN-7348-2 python3.5, python3.8 regression

USN-7348-1 fixed vulnerabilities in Python. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers bsc1238450. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

RLSA-2024:9190 Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

Medium: python3.11

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...

CLSA-2025-1740645663 python3: Fix of CVE-2007-4559

CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability...

CLSA-2025-1740477793 python3.11: Fix of CVE-2024-6232

CVE-2024-6232: fix excessive backtracking in tarfile.TarFile header parsing to address ReDoS vulnerability...

Fedora: Security Advisory (FEDORA-2025-b353a46e0c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2025-1740133056 python3: Fix of CVE-2024-9287

CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...

CLSA-2025-1740132042 python3: Fix of CVE-2024-9287

CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...

Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Other fixes: Update to version 3.11.11. Remove -IVendor/ from python-config. bsc1231795 Patch Instructions: To install this SUSE...

Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:0502-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705...

Rocky Linux Brocade SANnav OVA updates: kernel (RLSA-2024:8856) expat (RLSA-2024:9502, RLSA-2024-6989) bzip2 (RLSA-2024:8922) krb5 (RLSA-2024:8860) and python3 (RLSA-2024:6975)

Rocky Linux updates for SANnav OVA releases. The listed updates are available for OVA deployments of SANnav. kernel RLSA-2024:8856 CVE-2024-44935, CVE-2024-43854, CVE-2024-35898, CVE-2024-27062, CVE-2024-42244, CVE-2024-27017, CVE-2024-42070, CVE-2024-43880, CVE-2023-52492, CVE-2024-46826,...

Use of Weak Hash

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a predictable constant value in the Python 3.12 built-in hash function. An attacker can interfere with subsequent...

Medium: python3.11

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

CLSA-2024-1734642829 python3.9: Fix of CVE-2024-0450

CVE-2024-0450: Reject zip archives with overlapping entries to prevent quoted- overlap zip-bombs...

Medium: python38-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...