Azure Linux 3.0 Security Update: python3 (CVE-2025-4517)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4517 advisory. - Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You...

CVE-2025-4138

CVE-2025-4138 affects Python’s tarfile module when using TarFile.extractall() or TarFile.extract() with filter='data' or 'tar'. The extraction filter can be bypassed, allowing symlink targets to point outside the destination directory and enabling modification of some file metadata. This issue is...