Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisorydenial of servicefedoraFedora 42 python3.12 2025-41dc96c19a critical: tarfile bypass and DoS
Update to 3.12.11. gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-41dc96c19a 2025-06-14 01:09:53.632854+00:00 -------------------------------------------------------------------------------- Name : python3.12 Product : Fedora 42 Version : 3.12.11 Release : 1.fc42 URL : https://www.python.org/ Summary : Version 3.12 of the Python interpreter Description : Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. -------------------------------------------------------------------------------- Update Information: Update to 3.12.11. gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. gh-133767: Fix use-after-free in the âunicode-escapeâ decoder with a non-âstrictâ error handler. gh-128840:Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 4 2025 Tomáš HrnÄiar - 3.12.11-1 - Update to 3.12.11 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-41dc96c19a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 42: python3.12 upgrade resolves major tarfile unpacking vulnerabilities and memory issues. Urgent update suggested.. Fedora python3.12 security update, tarfile extraction bypass, denial of service. . Severity: Critical. LinuxSecurity.com Team
Jun 14, 2025
•Critical
Fedora
172
security advisorydenial of serviceUbuntuUbuntu 22.04/20.04/18.04 LTS: USN-7015-5 critical: python DoS
Several security issues were fixed in Python.. ========================================================================== Ubuntu Security Notice USN-7015-5 November 19, 2024 python2.7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Python. Software Description: - python2.7: An interactive high-level object-oriented language Details: USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. (CVE-2023-27043) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-6232) It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. (CVE-2024-6923) It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-7592) It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stopresponding, resulting in a denial of service. (CVE-2024-8088) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS python2.7 2.7.18-13ubuntu1.3 python2.7-minimal 2.7.18-13ubuntu1.3 Ubuntu 20.04 LTS python2.7 2.7.18-1~20.04.5 python2.7-minimal 2.7.18-1~20.04.5 Ubuntu 18.04 LTS python2.7 2.7.17-1~18.04ubuntu1.13+esm7 Available with Ubuntu Pro python2.7-minimal 2.7.17-1~18.04ubuntu1.13+esm7 Available with Ubuntu Pro Ubuntu 16.04 LTS python2.7 2.7.12-1ubuntu0~16.04.18+esm12 Available with Ubuntu Pro python2.7-minimal 2.7.12-1ubuntu0~16.04.18+esm12 Available with Ubuntu Pro Ubuntu 14.04 LTS python2.7 2.7.6-8ubuntu0.6+esm21 Available with Ubuntu Pro python2.7-minimal 2.7.6-8ubuntu0.6+esm21 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7015-5 https://ubuntu.com/security/notices/USN-7015-4 https://ubuntu.com/security/notices/USN-7015-3 https://ubuntu.com/security/notices/USN-7015-2 https://ubuntu.com/security/notices/USN-7015-1 CVE-2024-6232, CVE-2024-6923 Package Information: https://launchpad.net/ubuntu/+source/python2.7/2.7.18-13ubuntu1.3 . Recent updates have addressed security flaws in Python across multiple Ubuntu LTS releases. Ensure your system is updated promptly to mitigate risks of DoS attacks.. Python Security, Ubuntu Security Advisory, Python Updates, DoS Protection. . Severity: Critical. LinuxSecurity.com Team
Nov 19, 2024
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!