Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Python marshmallow vulnerabilities (USN-8225-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8225-1 advisory. Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An...

USN-8225-1: Python marshmallow vulnerabilities

Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2018-17175 It was discovered that Python marshmallow did not efficiently handle...

SUSE: Security Advisory (SUSE-SU-2026:20130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 16 Security Update : python-marshmallow (openSUSE-SU-2026:20087-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20087-1 advisory. - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Tenable has extracted the preceding description block directly fr...

openSUSE Security Advisory (SUSE-SU-2026:0226-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : python-marshmallow (SUSE-SU-2026:0226-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0226-1 advisory. - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Tenable has extracted the preceding...

OPENSUSE-SU-2026:20087-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

SUSE-SU-2026:20130-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

SUSE-SU-2026:0226-1 Security update for python-marshmallow

This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.loaddata, many=True bsc1255473...

python311-marshmallow-3.26.2-1.1 on GA media (moderate)

python311-marshmallow-3.26.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10003-1 Rating: moderate Cross-References: CVE-2025-68480 CVSS scores: CVE-2025-68480 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-68480 SUSE : 6.3...

openSUSE Security Advisory (SUSE-SU-2024:1639-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:1639-1 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict

This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...

OPENSUSE-SU-2024:11238-1 python-marshmallow-docs-3.11.1-1.3 on GA media

These are all security issues fixed in the python-marshmallow-docs-3.11.1-1.3 package on the GA media of openSUSE Tumbleweed...

Mageia: Security Advisory (MGASA-2019-0065)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2019-0065 Updated python-marshmallow packages fix security vulnerability

In the marshmallow library before 2.15.1 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields if the schema is being filtered dynamically using the "only" option, and there...

Fedora 28 : python-marshmallow (2018-cc9adc4808)

Security fix for CVE-2018-17175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

Fedora 29 : python-marshmallow (2018-9006b64e41)

Security fix for CVE-2018-17175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

Fedora 27 : python-marshmallow (2018-8b109a6de0)

Security fix for CVE-2018-17175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

Fedora Update for python-marshmallow FEDORA-2018-cc9adc4808

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...