cpython: Tarfile extracts filtered members when errorlevel=0

A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms...

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

cpython: Tarfile extracts filtered members when errorlevel=0

A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms...

python: cpython: Arbitrary writes via tarfile realpath overflow

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

ALSA-2025:10140 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python: cpython: Arbitrary writes via tarfile realpath overflow

A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...

Security Bulletin: IBM Storage Ceph is vulnerable to zip-bombs leading to denial of service in the RHEL UBI (CVE-2024-0450)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-0450 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-0450 DESCRIPTION: An issue was found in the CPython zipfile module affecting...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1032)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1032 advisory. There is an issue in CPython when using bytes.decodeunicodeescape, error=ignore|replace. If you are not using the unicodeescape encoding or an error handler your usage is not affected. To work-around...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-1033)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1033 advisory. There is an issue in CPython when using bytes.decodeunicodeescape, error=ignore|replace. If you are not using the unicodeescape encoding or an error handler your usage is not affected. To work-around...

BIT-PYTHON-MIN-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

BIT-PYTHON-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

TencentOS Server 4: python3.12 (TSSA-2024:0712)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0712 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: python3.11 (TSSA-2024:1111)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: python3.11 (TSSA-2024:0947)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0947 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: python3.11 (TSSA-2024:0800)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0800 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: python39:3.9 and python39-devel:3.9 (TSSA-2024:0776)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0776 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: python3.11 (TSSA-2024:0758)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0758 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: python3.11 (TSSA-2024:0514)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0514 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: python3.11 (TSSA-2024:0483)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0483 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: python3.12 (TSSA-2024:0710)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0710 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...