Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: python311 Important Vulnerability Fix Advisory 2025:20492-1

suse
Calendar Grey July 25, 2025
Dist Suse Esm H88
A SUSE security announcement regarding python311 has been released, highlighting significant vulnerabilities and crucial update information.
* bsc#1174091 * bsc#1227378 * bsc#1243155 * bsc#1243273 * bsc#1244032

Summary

## This update for python311 fixes the following issues: * CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Update to 3.11.13: * Security * gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). * gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273).

Topics%20covered

Topics Covered

security advisory DoS vulnerability important SuSE Linux python311

References

* bsc#1174091

* bsc#1227378

* bsc#1243155

* bsc#1243273

* bsc#1244032

* bsc#1244056

* bsc#1244059

* bsc#1244060

* bsc#1244061

* bsc#1244705

* bsc#831629

Cross-

* CVE-2019-20907

* CVE-2019-9947

* CVE-2020-15523

* CVE-2020-15801

* CVE-2024-12718

* CVE-2025-4138

* CVE-2025-4330

* CVE-2025-4435

* CVE-2025-4516

* CVE-2025-4517

* CVE-2025-6069

CVSS scores:

* CVE-2019-20907 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2019-20907 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2019-9947 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

* CVE-2019-9947 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2019-9947 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20492-1
Release Date: 2025-07-11T10:21:17Z
Rating: important

Topics%20covered

Topics Covered

security advisory DoS vulnerability important SuSE Linux python311

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here