Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE 15 SP7: Python313 Low Risk Security Update 2025:4277-1

suse
Calendar Grey November 27, 2025
Dist Suse Esm H88
Python 3 Module 15-SP7 receives a low-severity update addressing two issues with recommendations for installation.
* bsc#1244680 * bsc#1251305 * bsc#1252974 Cross-References:

Summary

## This update for python313 fixes the following issues: Update to 3.13.9: * CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) * CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) Other fixes: * Fix readline history truncation when length is reduced * Fixing reproducible build for python-nogil (bsc#1244680) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-4277=1 ## Package List: * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)

Topics%20covered

Topics Covered

security advisory security issue SuSE code execution low python313

References

* bsc#1244680

* bsc#1251305

* bsc#1252974

Cross-

* CVE-2025-6075

* CVE-2025-8291

CVSS scores:

* CVE-2025-6075 ( SUSE ): 1.8

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-6075 ( NVD ): 1.8

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-8291 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-8291 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4277-1
Release Date: 2025-11-27T13:13:44Z
Rating: low

Topics%20covered

Topics Covered

security advisory security issue SuSE code execution low python313

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here