CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted XML document, resulting in service disruption due to resource exhaustion...

Security update for python311

This update for python311 fixes the following issues: Skip PGO with %wantreproduciblebuilds bsc1239210 CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. Configure externallymanaged with a bcond bsc1228165. Update to 3.11.11: Tools/Demos gh-123418: Update...

SUSE-SU-2025:20154-1 Security update for python311

This update for python311 fixes the following issues: - Skip PGO with %wantreproduciblebuilds bsc1239210 - CVE-2025-0938: Disallows square brackets and in domain names for parsed URLs bsc1236705. - Configure externallymanaged with a bcond bsc1228165. - Update to 3.11.11: - Tools/Demos - gh-123418...