93 matches found
Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
SUSE-SU-2026:1107-1 Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
Security update for python310
This update for python310 fixes the following issues: Update to Python 3.10.20: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
SUSE-SU-2026:1062-1 Security update for python310
This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
Red Hat Enterprise Linux 安全漏洞
Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat Corporation in the United States. Red Hat Enterprise Linux has a security vulnerability, which stems from excessive heap buffer reading in the PCX file loader. This vulnerability may lead to out-of-boun...
Security update for python39
This update for python39 fixes the following issue: CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader bsc1259240. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...
OESA-2026-1658 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...
CLSA-2026-1773683117 gimp: Fix of 4 CVEs
CVE-2026-2044: fix uninitialized memory read in PGM file parser - CVE-2026-2045: fix heap buffer overflow in XWD file loader - CVE-2026-2048: fix out-of-bounds write in XWD file loader - CVE-2026-0797: fix missing fread return value checks in ICO file loader...
OESA-2026-1543 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...
SUSE CVE-2026-27940
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...
Fedora 44 : gimp (2026-b930e5c133)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b930e5c133 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...
BIT-PYTHON-2026-2297 SourcelessFileLoader does not use io.open_code()
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
ALPINE-CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
AZL-79413 CVE-2026-2297 affecting package python3 3.9.19-19
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
UBUNTU-CVE-2026-2297
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
PSF-2026-9
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
CVE-2026-2297 SourcelessFileLoader does not use io.open_code()
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...
Insufficient Logging
Overview Affected versions of this package are vulnerable to Insufficient Logging in the FileLoader class that incorrectly handles legacy SourcelessFileLoader for .pyc files. An attacker can bypass logging mechanisms sys.audit by crafting or manipulating .pyc files to avoid detection or auditing...