Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2025:02074-1 important: python313 security issues resolved

suse
Calendar Grey June 24, 2025
Dist Suse Esm H88
This patch for python313 addresses several vulnerabilities, significant threats, and data extraction flaws within SUSE platforms.
* bsc#1228165 * bsc#1232241 * bsc#1234290 * bsc#1236705 * bsc#1238450

Summary

## This update for python313 fixes the following issues: Update to version 3.13.5. Security issues fixed: * CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter="data" (bsc#1244032) * CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). * CVE-2025-4330: extraction filter bypass for linking outside extraction directory (bsc#1244060) * CVE-2025-4138: may allow symlink targets to point outside the destination directory, and the modification of some file metadata. (bsc#1244059) * CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse (bsc#1236705). * CVE-2024-12718: bypass extraction filter to modify file metadata outside

Topics%20covered

Topics Covered

security advisory denial of service important suse python313 extraction bypass

References

* bsc#1228165

* bsc#1232241

* bsc#1234290

* bsc#1236705

* bsc#1238450

* bsc#1239210

* bsc#1243273

* bsc#1244032

* bsc#1244056

* bsc#1244059

* bsc#1244060

Cross-

* CVE-2024-12254

* CVE-2024-12718

* CVE-2024-9287

* CVE-2025-0938

* CVE-2025-1795

* CVE-2025-4138

* CVE-2025-4330

* CVE-2025-4516

* CVE-2025-4517

CVSS scores:

* CVE-2024-12254 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2024-12254 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-12254 ( NVD ): 8.7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02074-1
Release Date: 2025-06-24T07:26:36Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service important suse python313 extraction bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here