959 matches found
PSF-2025-11
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
PT-2025-31145
Name of the Vulnerable Software and Affected Versions: CPython versions (affected versions not specified). Description: A defect exists in the CPython “tarfile” module, impacting the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets...
CLSA-2025-1753209568 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
CLSA-2025-1753208636 python3.9: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
CLSA-2025-1753207418 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
Alibaba Cloud Linux 3 : 0121: python3.11 (ALINUX3-SA-2025:0121)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0121 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-12718: Allows modifying some file...
Security update for python3
This update for python3 fixes the following issues: CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc1244056). CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...
CBL Mariner 2.0 Security Update: python3 (CVE-2025-4138)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4138 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...
Azure Linux 3.0 Security Update: python3 (CVE-2025-4138)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4138 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...
CBL Mariner 2.0 Security Update: python3 (CVE-2025-4330)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4330 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...
Azure Linux 3.0 Security Update: python3 (CVE-2025-4517)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4517 advisory. - Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You...
Azure Linux 3.0 Security Update: python3 (CVE-2025-4330)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4330 advisory. - Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...
Azure Linux 3.0 Security Update: python3 (CVE-2024-12718)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12718 advisory. - Allows modifying some file metadata (e.g. last modified) with filter=data or file permissions (chmod) with...
CLSA-2025-1752748693 python3.11: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
K000152599: Python tarfile vulnerability CVE-2024-12718
Security Advisory Description: Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...
Security update for python36
This update for python36 fixes the following issues: CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc1244056). CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...
OESA-2025-1791 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2025-1790 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2025-1789 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc1244705). Update to 3.11.13: Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters filter="data...