Mageia 9: python3 Critical Arbitrary Write Issues MGASA-2025-0280

mageia
November 12, 2025
Updated python3 packages for Mageia address significant security issues, including bypass and write vulnerabilities.
MGASA-2025-0280 - Updated python3 packages fix security vulnerabilities

Summary

Description:

- URL parser allowed square brackets in domain names. (CVE-2025-0938)
- Mishandling of comma during folding and unicode-encoding of email headers. (CVE-2025-1795)
- Virtual environment (venv) activation scripts don't quote paths. (CVE-2024-9287)
- Use-after-free in "unicode_escape" decoder with error handler. (CVE-2025-4516)
- Bypass extraction filter to modify file metadata outside extraction directory. (CVE-2024-12718)
- Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory. (CVE-2025-4138)
- Extraction filter bypass for linking outside extraction directory. (CVE-2025-4330)
- Tarfile extracts filtered members when errorlevel=0. (CVE-2025-4435)
- Arbitrary writes via tarfile realpath overflow. (CVE-2025-4517)
- Tarfile infinite loop during parsing with negative member offset. (CVE-2025-8194)

References

- https://bugs.mageia.org/show_bug.cgi?id=34285

- https://bugs.mageia.org/show_bug.cgi?id=34007

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FRAYUVWW2DYX7RTRPVFLFADRHABRVQN/

- https://ubuntu.com/security/notices/USN-7488-1

- https://www.openwall.com/lists/oss-security/2025/05/16/4

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUW6UXZQE7B4PPK3PK3NZAWP5PVOU5L3/

- https://www.openwall.com/lists/oss-security/2025/06/24/1

- https://www.openwall.com/lists/oss-security/2025/07/28/1

- https://www.cve.org/CVERecord?id=CVE-2025-0938

- https://www.cve.org/CVERecord?id=CVE-2025-1795

- https://www.cve.org/CVERecord?id=CVE-2024-9287

- https://www.cve.org/CVERecord?id=CVE-2025-4516

- https://www.cve.org/CVERecord?id=CVE-2024-12718

- https://www.cve.org/CVERecord?id=CVE-2025-4138

- https://www.cve.org/CVERecord?id=CVE-2025-4330

- https://www.cve.org/CVERecord?id=CVE-2025-4435

- https://www.cve.org/CVERecord?id=CVE-2025-4517

- https://www.cve.org/CVERecord?id=CVE-2025-8194

Resolution

SRPMS

- 9/core/python3-3.10.18-1.4.mga9

Severity
critical

Publication date: 12 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0280.html
Type: security
CVE: CVE-2025-0938, CVE-2025-1795, CVE-2024-9287, CVE-2025-4516, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517, CVE-2025-8194
