SUSE: Important Security Advisory for python311 CVE-2025-4138 CVE-2025-4435

suse

August 5, 2025

* bsc#1243155 * bsc#1243273 * bsc#1244032 * bsc#1244056 * bsc#1244059

Summary

## This update for python311 fixes the following issues: * CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Update to 3.11.13: * Security * gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). * gh-133767: Fix use-after-free in the âunicode-escapeâ decoder with a non-âstrictâ error handler (CVE-2025-4516, bsc#1243273).

Topics Covered

security advisory SuSE DoS important exploitation risk python311

References

* bsc#1243155

* bsc#1243273

* bsc#1244032

* bsc#1244056

* bsc#1244059

* bsc#1244060

* bsc#1244061

* bsc#1244705

Cross-

* CVE-2024-12718

* CVE-2025-4138

* CVE-2025-4330

* CVE-2025-4435

* CVE-2025-4516

* CVE-2025-4517

* CVE-2025-6069

CVSS scores:

* CVE-2024-12718 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2024-12718 ( NVD ): 10.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2024-12718 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-4138 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

* CVE-2025-4138 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:20539-1

Release Date: 2025-08-01T10:15:51Z

Rating: important

Topics Covered

security advisory SuSE DoS important exploitation risk python311

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: Important Security Advisory for python311 CVE-2025-4138 CVE-2025-4435

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: Important Security Advisory for python311 CVE-2025-4138 CVE-2025-4435

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!