Lucene search

959 matches found

Tenable Nessus
added 2025/08/26 12:0 a.m. | 1 view

RHEL 8 : python3.12 (RHSA-2025:14546)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14546 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 5

Tenable Nessus
added 2025/08/26 12:0 a.m. | 3 views

RHEL 8 : python3 (RHSA-2025:14560)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14560 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 5

OSV
added 2025/08/26 12:0 a.m. | 3 views

ALSA-2025:14560 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 4

AlmaLinux
added 2025/08/26 12:0 a.m. | 3 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 4

Tenable Nessus
added 2025/08/25 12:0 a.m. | 3 views

CentOS 9 : python3.9-3.9.23-2.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.9-3.9.23-2.el9 build changelog. - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would proce...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 2

F5 Networks
added 2025/08/21 6:44 a.m. | 10 views

K000153107: Python tarfile Vulnerabilities CVE-2025-4138, CVE-2025-4330

Security Advisory Description CVE-2025-4138 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar...

CVSS 7.5 | AI score 7.5 | EPSS 0.01109
Exploits 8

Tenable Nessus
added 2025/08/21 12:0 a.m. | 5 views

TencentOS Server 4: python3.11 (TSSA-2025:0651)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0651 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 2

Tenable Nessus
added 2025/08/21 12:0 a.m. | 3 views

TencentOS Server 4: python3.12 (TSSA-2025:0650)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0650 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 2

IBM Security Bulletins
added 2025/08/20 3:3 p.m. | 13 views

Security Bulletin: AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517) due to Python

Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools ...

CVSS 9.4 | AI score 8.5 | EPSS 0.01428
Exploits 18 | Affected Software 1

IBM AIX
added 2025/08/20 8:31 a.m. | 10 views

AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273 CVE-2025-4330 CVE-2024-12718 CVE-2025-4138 CVE-2025-4517) due to Python

IBM SECURITY ADVISORY First Issued: Wed Aug 20 08:31:06 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory16.asc Security Bulletin: AIX is affected by arbitrary code execution CVE-2025-47273, CVE-2025-4330,...

CVSS 9.4 | AI score 7.5 | EPSS 0.01428
Exploits 18

Tenable Nessus
added 2025/08/19 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You...

CVSS 7.5 | AI score 7.4 | EPSS 0.00728
Exploits 2 | References 2

Amazon
added 2025/08/19 12:0 a.m. | 2 views

Important: python

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

CVSS 7.5 | AI score 7 | EPSS 0.00586
Exploits 0

Amazon
added 2025/08/19 12:0 a.m. | 3 views

Important: python3

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

CVSS 7.5 | AI score 7 | EPSS 0.00586
Exploits 0

Tenable Nessus
added 2025/08/19 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the...

CVSS 9.4 | AI score 7.4 | EPSS 0.01184
Exploits 11 | References 2

Tenable Nessus
added 2025/08/19 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-4435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. Howeve...

CVSS 7.5 | AI score 6.5 | EPSS 0.00474
Exploits 1 | References 2

Tenable Nessus
added 2025/08/19 12:0 a.m. | 7 views

Amazon Linux 2 : python3 (ALAS-2025-2962)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2962 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementatio...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 4

Tenable Nessus
added 2025/08/19 12:0 a.m. | 9 views

Amazon Linux 2 : python (ALAS-2025-2961)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2961 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation...

CVSS 7.5 | AI score 6.9 | EPSS 0.00586
Exploits 0 | References 4

Tenable Nessus
added 2025/08/19 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You...

CVSS 7.5 | AI score 7.4 | EPSS 0.01109
Exploits 7 | References 2

Redos
added 2025/08/19 12:0 a.m. | 8 views

ROS-20250819-05

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

CVSS 9.4 | AI score 5.9 | EPSS 0.01184
Exploits 11

Redos
added 2025/08/19 12:0 a.m. | 7 views

ROS-20250819-06

Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...

CVSS 9.4 | AI score 5.9 | EPSS 0.01184
Exploits 11