8 matches found

IBM Security Bulletins
added 2026/04/02 9:53 p.m., 8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in zipfile (CVE-2025-8291)

Summary: zipfile is used by IBM Storage Ceph. CVE-2025-8291. This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2025-8291. DESCRIPTION: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator...

CVSS 4.3, AI score 6.5, EPSS 0.00125
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2026/03/16 12:0 a.m., 0 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to...

CVSS 7.5, AI score 6.7, EPSS 0.00215
Exploits: 0, References: 5
OSV
added 2025/11/28 10:3 a.m., 1 views

SUSE-SU-2025:4297-1 Security update for python311

This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305...

CVSS 5.5, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 5
Tenable Nessus
added 2025/11/25 12:0 a.m., 3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Python vulnerabilities (USN-7886-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7886-1 advisory. It was discovered that Python inefficiently handled expanding system environment variables. A...

CVSS 5.5, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 3
Tenable Nessus
added 2025/11/04 12:0 a.m., 3 views

TencentOS Server 4: python3.11 (TSSA-2025:0832)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0832 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 4.3, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 2
Amazon
added 2025/10/27 12:0 a.m., 2 views

Medium: python3

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3, AI score 6.6, EPSS 0.00125
Exploits: 0
Amazon
added 2025/10/27 12:0 a.m., 3 views

Medium: python3.11

Issue Overview: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be...

CVSS 4.3, AI score 6.7, EPSS 0.00125
Exploits: 0
Positive Technologies
added 2023/07/03 12:0 a.m., 2 views

PT-2023-35895 · Unknown · Net.Jsign.Appx

Name of the Vulnerable Software and Affected Versions: net.jsign.appx (affected versions not specified). Description: A security exception occurs due to a crash in the net.jsign.appx module. The crash happens when reading the Zip64EndOfCentralDirectoryRecord and CentralDirectory in the ZipFile class...

AI score 7
Exploits: 0, References: 2