93 matches found
CVE-2026-48959
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via a per-byte read loop in fastForward. fastForward compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...
IO::Uncompress::Unzip Security Vulnerability
IO::Uncompress::Unzip is a decompression library developed by the individual developer PMQS. Versions of IO::Uncompress::Unzip prior to version 2.220 contained security vulnerabilities. These vulnerabilities stemmed from the byte-reading loop in fastForward, which caused the CPU to be exhausted. I...
CLSA-2026-1778233301 python3.9: Fix of 7 CVEs
CVE-2025-1795: fix incorrect parsing of email addresses with special chars - CVE-2025-4516: fix use-after-free in unicode-escape decoder with non-strict error handler - CVE-2025-6069: fix quadratic complexity in HTMLParser special input - CVE-2025-8291: fix zip64 end-of-central-directory record...
CLSA-2026-1778129970 python3.11: Fix of 7 CVEs
CVE-2026-0672: reject control characters in http.cookies cookie names, values, and parameters to prevent header injection - CVE-2026-3644: reject control characters in Morsel.update, |= operator, and unpickling paths missed by CVE-2026-0672; add output validation to BaseCookie.js_output -...
CLSA-2026-1776330599 python3.9: Fix of 11 CVEs
CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.open_code - CVE-2026-3479: reject invalid...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in zipfile (CVE-2025-8291)
Summary: zipfile is used by IBM Storage Ceph (CVE-2025-8291). This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2025-8291 DESCRIPTION: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator...
EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2026-1512)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorit...
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-1562)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2026-1616)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to loca...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2026-1588)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to loca...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1407)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic...
TencentOS Server 3: python3.12 (TSSA-2026:0033)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0033 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security update for python
This update for python fixes the following issues: CVE-2025-8291: check validity of the ZIP64 End of Central Directory (EOCD) in the 'zipfile' module bsc1251305. CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. CVE-2025-13836: prevent reading an HTTP response from a...
cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked
A zip file handling flaw has been discovered in the python standard library zipfile module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record wou...
SUSE SLES15 Security Update : python311 (SUSE-SU-2025:4257-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4257-2 advisory. Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 -...
openSUSE 15 Security Update : python310 (SUSE-SU-2025:4352-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4352-1 advisory. Update to 3.10.19: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974 - CVE-2025-8291: Check the...
SUSE-SU-2025:4352-1 Security update for python310
This update for python310 fixes the following issues: Update to 3.10.19: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974 - CVE-2025-8291: Check the validity of the ZIP64 End of Central Directory (EOCD). bsc1251305...
SUSE-SU-2025:21207-1 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) is not checked by the 'zipfile' module bsc1251305. - CVE-2025-6075: Fixed the value passed to os.path.expandvars is user-controlled a performance...