Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: python311 Important Denial of Service Threat Fix 2025:02717-1

suse
Calendar Grey August 6, 2025
Dist Suse Esm H88
Crucial security update for openSUSE and SUSE Linux addressing significant vulnerabilities in python311 which may lead to potential exploitation.
* bsc#1244061 * bsc#1244705 * bsc#1247249 Cross-References:

Summary

## This update for python311 fixes the following issues: * CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). * CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). * CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2717=1 openSUSE-SLE-15.6-2025-2717=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2717=1 * Basesystem Module 15-SP7

Topics%20covered

Topics Covered

security advisory denial of service SuSE important exploitable python311

References

* bsc#1244061

* bsc#1244705

* bsc#1247249

Cross-

* CVE-2025-4435

* CVE-2025-6069

* CVE-2025-8194

CVSS scores:

* CVE-2025-4435 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

* CVE-2025-4435 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-6069 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

* CVE-2025-6069 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

* CVE-2025-6069 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-8194 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02717-1
Release Date: 2025-08-06T13:40:11Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SuSE important exploitable python311

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here