Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-0938 (GCVE-0-2025-0938)
Vulnerability from cvelistv5 – Published: 2025-01-31 17:51 – Updated: 2026-04-21 20:14
VLAI?
EPSS
Title
URL parser allowed square brackets in domain names
Summary
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
9 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.10.17
(python)
Affected: 3.11.0 , < 3.11.12 (python) Affected: 3.12.0 , < 3.12.9 (python) Affected: 3.13.0 , < 3.13.2 (python) Affected: 3.14.0a1 , < 3.14.0a5 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:50:16.654297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:50:29.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:56:43.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.17",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.12",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0a5",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\u003cbr\u003e"
}
],
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:14:13.406Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/105704"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/129418"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "URL parser allowed square brackets in domain names",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-0938",
"datePublished": "2025-01-31T17:51:35.898Z",
"dateReserved": "2025-01-31T17:45:10.107Z",
"dateUpdated": "2026-04-21T20:14:13.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-0938",
"date": "2026-05-21",
"epss": "0.01639",
"percentile": "0.82158"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-0938\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2025-01-31T18:15:38.053\",\"lastModified\":\"2025-11-03T21:18:49.613\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\"},{\"lang\":\"es\",\"value\":\"Las funciones est\u00e1ndar librer\u00eda de Python `urllib.parse.urlsplit` y `urlparse` aceptaban nombres de dominio que inclu\u00edan corchetes, lo que no es v\u00e1lido seg\u00fan RFC 3986. Los corchetes solo se deben usar como delimitadores para especificar hosts IPv6 e IPvFuture en las URL. Esto podr\u00eda generar un an\u00e1lisis diferencial entre el analizador de URL de Python y otros analizadores de URL que cumplen con las especificaciones.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/105704\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/pull/129418\",\"source\":\"cna@python.org\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/\",\"source\":\"cna@python.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250314-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250314-0002/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:56:43.285Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0938\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-31T18:50:16.654297Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-31T18:50:24.989Z\"}}], \"cna\": {\"title\": \"URL parser allowed square brackets in domain names\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"product\": \"CPython\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.10.17\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.11.0\", \"lessThan\": \"3.11.12\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.12.0\", \"lessThan\": \"3.12.9\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.13.0\", \"lessThan\": \"3.13.2\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.14.0a1\", \"lessThan\": \"3.14.0a5\", \"versionType\": \"python\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/python/cpython/issues/105704\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/python/cpython/pull/129418\", \"tags\": [\"patch\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2026-04-21T20:14:13.406Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-0938\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-21T20:14:13.406Z\", \"dateReserved\": \"2025-01-31T17:45:10.107Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2025-01-31T17:51:35.898Z\", \"assignerShortName\": \"PSF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:8385
Vulnerability from csaf_redhat - Published: 2025-06-02 14:07 - Updated: 2026-05-06 08:40Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Moderate
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.
7.0 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Threats
Impact
Low
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Workaround
|
Threats
Impact
Moderate
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.
5.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
6.8 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
6.8 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 | — |
Workaround
|
Threats
Impact
Moderate
References
79 references
Acknowledgments
Google Project Zero
Jann Horn
Red Hat
Tomas Korbar
Sandipan Roy
libexpat
Sebastian Pipping
Google
Simon Scannell
Pedro Gallegos
Jasiel Spelman
Google
Simon Scannell
Jasiel Spelman
Pedro Gallegos
Bing Shi
Aleksei Gorban "loqpa"
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8385",
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-4752",
"url": "https://access.redhat.com/security/cve/CVE-2023-4752"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12087",
"url": "https://access.redhat.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12088",
"url": "https://access.redhat.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12133",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12243",
"url": "https://access.redhat.com/security/cve/CVE-2024-12243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12747",
"url": "https://access.redhat.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-35195",
"url": "https://access.redhat.com/security/cve/CVE-2024-35195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-52005",
"url": "https://access.redhat.com/security/cve/CVE-2024-52005"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-8176",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-0938",
"url": "https://access.redhat.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-24528",
"url": "https://access.redhat.com/security/cve/CVE-2025-24528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26465",
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8385.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-05-06T08:40:09+00:00",
"generator": {
"date": "2026-05-06T08:40:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:8385",
"initial_release_date": "2025-06-02T14:07:46+00:00",
"revision_history": [
{
"date": "2025-06-02T14:07:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-02T14:07:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-06T08:40:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 1.14",
"product": {
"name": "Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:1.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Af33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.3-1748529279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.2-1748467619"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Aad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.3-1748529279"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Ac960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1.14.2-1748467619"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64 as a component of Red Hat Discovery 1.14",
"product_id": "Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64",
"relates_to_product_reference": "Red Hat Discovery 1.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4752",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237311"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: use-after-free in function ins_compl_get_exp in vim/vim",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having a Low security impact, because the \"victim\" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4752"
},
{
"category": "external",
"summary": "RHBZ#2237311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4752"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757",
"url": "https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757"
}
],
"release_date": "2023-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vim: use-after-free in function ins_compl_get_exp in vim/vim"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Tomas Korbar",
"Sandipan Roy"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Sebastian Pipping"
],
"organization": "libexpat"
}
],
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310137"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All supported Red Hat offerings are built with the compilation flag (-fstack-clash-protection) which reduces the impact to Moderate. This build configuration blocks the possibility of an attacker gaining arbitrary code execution even if a stack-clash vulnerability, like this one, could be exploited.\n\nThis vulnerability is rated Moderate because Red Hat builds use the `-fstack-clash-protection` compiler flag, which mitigates the risk of arbitrary code execution from stack overflows. While the flaw allows a crash via uncontrolled recursion in XML parsing, the hardened stack layout prevents reliable memory corruption, limiting the impact to a Denial of Service (DoS) scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "RHBZ#2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/893",
"url": "https://github.com/libexpat/libexpat/issues/893"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/973",
"url": "https://github.com/libexpat/libexpat/pull/973"
}
],
"release_date": "2025-03-13T13:51:54.957000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat"
},
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Pedro Gallegos",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12087",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-12-05T21:23:24.139000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330672"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Path traversal vulnerability in rsync",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw to have moderate severity as it depends on specific configurations for the attack to succeed, symbolic link syncing must be enabled (explicitly by providing the `--links` option or implicitly such as with `--archive`) and the client must connect to a malicious or compromised server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "RHBZ#2330672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12087"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Path traversal vulnerability in rsync"
},
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Jasiel Spelman",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12088",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-12-05T21:55:22.700000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330676"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: --safe-links option bypass leads to path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability requires user interaction to be triggered, as the rsync client must first establish a connection/have access to the malicious rsync server (at least anonymous read-access).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "RHBZ#2330676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12088",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12088"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: --safe-links option bypass leads to path traversal"
},
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:14:05.460000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12133"
},
{
"category": "external",
"summary": "RHBZ#2344611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12133"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md",
"url": "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS"
},
{
"acknowledgments": [
{
"names": [
"Bing Shi"
]
}
],
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-02-10T08:33:56.422000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12243"
},
{
"category": "external",
"summary": "RHBZ#2344615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1553",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1553"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/issues/52",
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/52"
}
],
"release_date": "2025-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS"
},
{
"acknowledgments": [
{
"names": [
"Aleksei Gorban \"loqpa\""
]
}
],
"cve": "CVE-2024-12747",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2024-12-18T07:12:52.493000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync\u0027s handling of symbolic links. Rsync\u0027s default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Race Condition in rsync Handling Symbolic Links",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "RHBZ#2332968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12747"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Race Condition in rsync Handling Symbolic Links"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2024-05-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2282114"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "requests: subsequent requests to the same host ignore cert verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-35195"
},
{
"category": "external",
"summary": "RHBZ#2282114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56",
"url": "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56"
}
],
"release_date": "2024-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "requests: subsequent requests to the same host ignore cert verification"
},
{
"cve": "CVE-2024-52005",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2025-01-15T18:01:05.807300+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2338289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "git: The sideband payload is passed unfiltered to the terminal in git",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate rather than important because it primarily affects informational messages rather than directly compromising repository integrity or executing arbitrary code. The issue arises from Git\u0027s failure to sanitize ANSI escape sequences in messages received over the sideband channel, which could allow a malicious remote repository to manipulate terminal output. However, exploitation requires user interaction, such as manually copying and executing misleading commands. Unlike higher-severity vulnerabilities, this does not provide direct unauthorized access, remote code execution, or privilege escalation, limiting its overall impact. The risk is further mitigated by best practices, such as avoiding recursive clones from untrusted sources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52005"
},
{
"category": "external",
"summary": "RHBZ#2338289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52005"
},
{
"category": "external",
"summary": "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329",
"url": "https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329"
},
{
"category": "external",
"summary": "https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net",
"url": "https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net"
}
],
"release_date": "2025-01-15T17:35:02.379000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "git: The sideband payload is passed unfiltered to the terminal in git"
},
{
"cve": "CVE-2025-0938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-01-31T18:00:46.128427+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2343237"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: URL parser allowed square brackets in domain names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "RHBZ#2343237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/105704",
"url": "https://github.com/python/cpython/issues/105704"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/129418",
"url": "https://github.com/python/cpython/pull/129418"
}
],
"release_date": "2025-01-31T17:51:35.898000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: cpython: URL parser allowed square brackets in domain names"
},
{
"cve": "CVE-2025-24528",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-01-29T13:47:59.362000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342796"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: overflow when calculating ulog block size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24528"
},
{
"category": "external",
"summary": "RHBZ#2342796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24528"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0",
"url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"
}
],
"release_date": "2024-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: overflow when calculating ulog block size"
},
{
"cve": "CVE-2025-26465",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2025-02-10T21:56:03.853000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344780"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as a moderate severity vulnerability instead of important because it requires specific conditions to be exploitable. First, the OpenSSH client must have the VerifyHostKeyDNS option enabled, which is disabled by default in Red Hat Enterprise Linux (RHEL). \n\nAdditionally, while the attack allows a machine-in-the-middle (MITM) adversary to trick the client into accepting an incorrect host key, it does not directly lead to code execution or immediate system compromise. Instead, the attack requires additional steps, such as credential interception or session hijacking to fully exploit the breach.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"known_not_affected": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26465"
},
{
"category": "external",
"summary": "RHBZ#2344780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26465"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7109879",
"url": "https://access.redhat.com/solutions/7109879"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2025/q1/144",
"url": "https://seclists.org/oss-sec/2025/q1/144"
}
],
"release_date": "2025-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-02T14:07:46+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer RPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c_arm64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644_amd64",
"Red Hat Discovery 1.14:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled"
}
]
}
RHSA-2026:5588
Vulnerability from csaf_redhat - Published: 2026-03-24 10:39 - Updated: 2026-03-26 23:10Summary
Red Hat Security Advisory: python3 security update
Severity
Moderate
Notes
Topic: An update for python3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: cpython: URL parser allowed square brackets in domain names (CVE-2025-0938)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
6.8 (Medium)
Affected products
Fixed
92 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: cpython: URL parser allowed square brackets in domain names (CVE-2025-0938)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5588",
"url": "https://access.redhat.com/errata/RHSA-2026:5588"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2343237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5588.json"
}
],
"title": "Red Hat Security Advisory: python3 security update",
"tracking": {
"current_release_date": "2026-03-26T23:10:13+00:00",
"generator": {
"date": "2026-03-26T23:10:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5588",
"initial_release_date": "2026-03-24T10:39:22+00:00",
"revision_history": [
{
"date": "2026-03-24T10:39:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T10:39:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-26T23:10:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "platform-python-0:3.6.8-74.el8_10.i686",
"product": {
"name": "platform-python-0:3.6.8-74.el8_10.i686",
"product_id": "platform-python-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "platform-python-debug-0:3.6.8-74.el8_10.i686",
"product": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.i686",
"product_id": "platform-python-debug-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-debug@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "platform-python-devel-0:3.6.8-74.el8_10.i686",
"product": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.i686",
"product_id": "platform-python-devel-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-devel@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-idle-0:3.6.8-74.el8_10.i686",
"product": {
"name": "python3-idle-0:3.6.8-74.el8_10.i686",
"product_id": "python3-idle-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-idle@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-test-0:3.6.8-74.el8_10.i686",
"product": {
"name": "python3-test-0:3.6.8-74.el8_10.i686",
"product_id": "python3-test-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-test@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-tkinter-0:3.6.8-74.el8_10.i686",
"product": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.i686",
"product_id": "python3-tkinter-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-tkinter@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-debugsource-0:3.6.8-74.el8_10.i686",
"product": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.i686",
"product_id": "python3-debugsource-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debugsource@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-debuginfo-0:3.6.8-74.el8_10.i686",
"product": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.i686",
"product_id": "python3-debuginfo-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debuginfo@3.6.8-74.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libs-0:3.6.8-74.el8_10.i686",
"product": {
"name": "python3-libs-0:3.6.8-74.el8_10.i686",
"product_id": "python3-libs-0:3.6.8-74.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libs@3.6.8-74.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"product_id": "platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-debug@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"product_id": "platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-devel@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-idle-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "python3-idle-0:3.6.8-74.el8_10.x86_64",
"product_id": "python3-idle-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-idle@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"product_id": "python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-tkinter@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"product_id": "python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debugsource@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"product_id": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debuginfo@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "platform-python-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "platform-python-0:3.6.8-74.el8_10.x86_64",
"product_id": "platform-python-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libs-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "python3-libs-0:3.6.8-74.el8_10.x86_64",
"product_id": "python3-libs-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libs@3.6.8-74.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-test-0:3.6.8-74.el8_10.x86_64",
"product": {
"name": "python3-test-0:3.6.8-74.el8_10.x86_64",
"product_id": "python3-test-0:3.6.8-74.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-test@3.6.8-74.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"product_id": "platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-debug@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"product_id": "platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-devel@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-idle-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "python3-idle-0:3.6.8-74.el8_10.aarch64",
"product_id": "python3-idle-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-idle@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"product_id": "python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-tkinter@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"product_id": "python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debugsource@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"product_id": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debuginfo@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "platform-python-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "platform-python-0:3.6.8-74.el8_10.aarch64",
"product_id": "platform-python-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libs-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "python3-libs-0:3.6.8-74.el8_10.aarch64",
"product_id": "python3-libs-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libs@3.6.8-74.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-test-0:3.6.8-74.el8_10.aarch64",
"product": {
"name": "python3-test-0:3.6.8-74.el8_10.aarch64",
"product_id": "python3-test-0:3.6.8-74.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-test@3.6.8-74.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"product_id": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-debug@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"product_id": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-devel@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-idle-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "python3-idle-0:3.6.8-74.el8_10.ppc64le",
"product_id": "python3-idle-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-idle@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"product_id": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-tkinter@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"product_id": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debugsource@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"product_id": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debuginfo@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "platform-python-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "platform-python-0:3.6.8-74.el8_10.ppc64le",
"product_id": "platform-python-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libs-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "python3-libs-0:3.6.8-74.el8_10.ppc64le",
"product_id": "python3-libs-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libs@3.6.8-74.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-test-0:3.6.8-74.el8_10.ppc64le",
"product": {
"name": "python3-test-0:3.6.8-74.el8_10.ppc64le",
"product_id": "python3-test-0:3.6.8-74.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-test@3.6.8-74.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "platform-python-debug-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.s390x",
"product_id": "platform-python-debug-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-debug@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "platform-python-devel-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.s390x",
"product_id": "platform-python-devel-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python-devel@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-idle-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "python3-idle-0:3.6.8-74.el8_10.s390x",
"product_id": "python3-idle-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-idle@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-tkinter-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.s390x",
"product_id": "python3-tkinter-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-tkinter@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-debugsource-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.s390x",
"product_id": "python3-debugsource-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debugsource@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"product_id": "python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-debuginfo@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "platform-python-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "platform-python-0:3.6.8-74.el8_10.s390x",
"product_id": "platform-python-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/platform-python@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libs-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "python3-libs-0:3.6.8-74.el8_10.s390x",
"product_id": "python3-libs-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libs@3.6.8-74.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-test-0:3.6.8-74.el8_10.s390x",
"product": {
"name": "python3-test-0:3.6.8-74.el8_10.s390x",
"product_id": "python3-test-0:3.6.8-74.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-test@3.6.8-74.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-0:3.6.8-74.el8_10.src",
"product": {
"name": "python3-0:3.6.8-74.el8_10.src",
"product_id": "python3-0:3.6.8-74.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3@3.6.8-74.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-0:3.6.8-74.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src"
},
"product_reference": "python3-0:3.6.8-74.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "platform-python-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-debug-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "platform-python-devel-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-0:3.6.8-74.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src"
},
"product_reference": "python3-0:3.6.8-74.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-debugsource-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idle-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-idle-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libs-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-libs-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-test-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-test-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-tkinter-0:3.6.8-74.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64"
},
"product_reference": "python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-01-31T18:00:46.128427+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2343237"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: URL parser allowed square brackets in domain names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "RHBZ#2343237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0938"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/105704",
"url": "https://github.com/python/cpython/issues/105704"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/129418",
"url": "https://github.com/python/cpython/pull/129418"
}
],
"release_date": "2025-01-31T17:51:35.898000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T10:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5588"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-debug-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:platform-python-devel-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-0:3.6.8-74.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debuginfo-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-debugsource-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-idle-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-libs-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-test-0:3.6.8-74.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:python3-tkinter-0:3.6.8-74.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: cpython: URL parser allowed square brackets in domain names"
}
]
}
SSA-202008
Vulnerability from csaf_siemens - Published: 2025-12-09 00:00 - Updated: 2025-12-09 00:00Summary
SSA-202008: Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0
Notes
Summary: Ruggedcom ROX familly contain multiple vulnerabilities before V2.17.0
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.3 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
6.8 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-416
- Use After Free
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-416
- Use After Free
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-416
- Use After Free
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-125
- Out-of-bounds Read
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
8.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-416
- Use After Free
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-191
- Integer Underflow (Wrap or Wraparound)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.0 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
8.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-415
- Double Free
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-863
- Incorrect Authorization
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-74
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-311
- Missing Encryption of Sensitive Data
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
9.1 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-311
- Missing Encryption of Sensitive Data
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-74
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
6.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.4 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
6.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-1287
- Improper Validation of Specified Type of Input
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
CWE-150
- Improper Neutralization of Escape, Meta, or Control Sequences
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
8.6 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
6.8 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.0 |
Vendor Fix
fix
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Ruggedcom ROX familly contain multiple vulnerabilities before V2.17.0\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-202008: Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-202008.html"
},
{
"category": "self",
"summary": "SSA-202008: Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-202008.json"
}
],
"title": "SSA-202008: Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0",
"tracking": {
"current_release_date": "2025-12-09T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-202008",
"initial_release_date": "2025-12-09T00:00:00Z",
"revision_history": [
{
"date": "2025-12-09T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX MX5000",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX MX5000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX MX5000RE",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX MX5000RE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1400",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1400"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1500",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1500"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1501",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1501"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1510",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1510"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1511",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1511"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1512",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1512"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1524",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1524"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX1536",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1536"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.0",
"product": {
"name": "RUGGEDCOM ROX RX5000",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX5000"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7169",
"cwe": {
"id": "CWE-271",
"name": "Privilege Dropping / Lowering Errors"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2018-7169"
},
{
"cve": "CVE-2018-9234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2018-9234"
},
{
"cve": "CVE-2018-12934",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2018-12934"
},
{
"cve": "CVE-2018-1000876",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2018-1000876"
},
{
"cve": "CVE-2019-9893",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"notes": [
{
"category": "summary",
"text": "libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-9893"
},
{
"cve": "CVE-2019-12900",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-12900"
},
{
"cve": "CVE-2019-14866",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14866"
},
{
"cve": "CVE-2020-12762",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2020-12762"
},
{
"cve": "CVE-2020-21047",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2020-21047"
},
{
"cve": "CVE-2020-22217",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "summary",
"text": "Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2020-22217"
},
{
"cve": "CVE-2020-35525",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2020-35525"
},
{
"cve": "CVE-2021-35550",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35550"
},
{
"cve": "CVE-2021-35556",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35556"
},
{
"cve": "CVE-2021-35559",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35559"
},
{
"cve": "CVE-2021-35561",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35561"
},
{
"cve": "CVE-2021-35564",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35564"
},
{
"cve": "CVE-2021-35565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35565"
},
{
"cve": "CVE-2021-35567",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35567"
},
{
"cve": "CVE-2021-35578",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-35586",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35586"
},
{
"cve": "CVE-2021-35588",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35588"
},
{
"cve": "CVE-2021-35603",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-35603"
},
{
"cve": "CVE-2021-36084",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-36084"
},
{
"cve": "CVE-2021-36085",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-36085"
},
{
"cve": "CVE-2021-36086",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-36086"
},
{
"cve": "CVE-2021-36087",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-36087"
},
{
"cve": "CVE-2021-38185",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-38185"
},
{
"cve": "CVE-2021-47358",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nstaging: greybus: uart: fix tty use after free\r\n\r\nUser space can hold a tty open indefinitely and tty drivers must not\r\nrelease the underlying structures until the last user is gone.\r\n\r\nSwitch to using the tty-port reference counter to manage the life time\r\nof the greybus tty state to avoid use after free after a disconnect.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-47358"
},
{
"cve": "CVE-2021-47361",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmcb: fix error handling in mcb_alloc_bus()\r\n\r\nThere are two bugs:\r\n1) If ida_simple_get() fails then this code calls put_device(carrier)\r\n but we haven\u0027t yet called get_device(carrier) and probably that\r\n leads to a use after free.\r\n2) After device_initialize() then we need to use put_device() to\r\n release the bus. This will free the internal resources tied to the\r\n device and call mcb_free_bus() which will free the rest.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2021-47361"
},
{
"cve": "CVE-2022-0435",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A stack overflow flaw was found in the Linux kernel\u0027s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-0435"
},
{
"cve": "CVE-2022-0492",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-0492"
},
{
"cve": "CVE-2022-0847",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-0847"
},
{
"cve": "CVE-2022-0850",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-0850"
},
{
"cve": "CVE-2022-1353",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-1353"
},
{
"cve": "CVE-2022-1734",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-1734"
},
{
"cve": "CVE-2022-2639",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-2639"
},
{
"cve": "CVE-2022-2964",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux kernel\u2019s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-3424",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in the Linux kernel\u2019s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-3424"
},
{
"cve": "CVE-2022-20141",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-20141"
},
{
"cve": "CVE-2022-23039",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\u0027t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-23039"
},
{
"cve": "CVE-2022-23040",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn\u0027t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-23040"
},
{
"cve": "CVE-2022-24958",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-\u003ebuf release.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-24958"
},
{
"cve": "CVE-2022-27223",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-27223"
},
{
"cve": "CVE-2022-28390",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-28390"
},
{
"cve": "CVE-2022-30594",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-30594"
},
{
"cve": "CVE-2022-34903",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0027s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-34903"
},
{
"cve": "CVE-2022-36123",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-36123"
},
{
"cve": "CVE-2022-37032",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-37032"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-41858",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-41858"
},
{
"cve": "CVE-2022-48624",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48624"
},
{
"cve": "CVE-2022-48626",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmoxart: fix potential use-after-free on remove path\r\n\r\nIt was reported that the mmc host structure could be accessed after it\r\nwas freed in moxart_remove(), so fix this by saving the base register of\r\nthe device and using it instead of the pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48626"
},
{
"cve": "CVE-2022-48919",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncifs: fix double free race when mount fails in cifs_get_root()\r\n\r\nWhen cifs_get_root() fails during cifs_smb3_do_mount() we call\r\ndeactivate_locked_super() which eventually will call delayed_free() which\r\nwill free the context.\r\nIn this situation we should not proceed to enter the out: section in\r\ncifs_smb3_do_mount() and free the same resources a second time.\r\n\r\n[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60\r\n[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0\r\n\r\n[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4\r\n[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019\r\n[Thu Feb 10 12:59:06 2022] Call Trace:\r\n[Thu Feb 10 12:59:06 2022] \u003cIRQ\u003e\r\n[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78\r\n[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150\r\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\r\n[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117\r\n[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60\r\n[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0\r\n[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60\r\n[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0\r\n[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0\r\n[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20\r\n[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140\r\n[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10\r\n[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b\r\n[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150\r\n[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30\r\n[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0\r\n...\r\n[Thu Feb 10 12:59:07 2022] Freed by task 58179:\r\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\r\n[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30\r\n[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40\r\n[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170\r\n[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20\r\n[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0\r\n[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520\r\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs]\r\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\r\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\r\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\r\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\r\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\r\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae\r\n\r\n[Thu Feb 10 12:59:07 2022] Last potentially related work creation:\r\n[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50\r\n[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0\r\n[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10\r\n[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0\r\n[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs]\r\n[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs]\r\n[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0\r\n[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs]\r\n[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs]\r\n[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140\r\n[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0\r\n[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210\r\n[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0\r\n[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48919"
},
{
"cve": "CVE-2022-48926",
"cwe": {
"id": "CWE-414",
"name": "Missing Lock Check"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: gadget: rndis: add spinlock for rndis response list\r\n\r\nThere\u0027s no lock for rndis response list. It could cause list corruption\r\nif there\u0027re two different list_add at the same time like below.\r\nIt\u0027s better to add in rndis_add_response / rndis_free_response\r\n/ rndis_get_next_response to prevent any race condition on response list.\r\n\r\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\r\nnext-\u003eprev should be prev (ffffff80651764d0),\r\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\r\n\r\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\r\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\r\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\r\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\r\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\r\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\r\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\r\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\r\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\r\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\r\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48926"
},
{
"cve": "CVE-2022-48948",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: gadget: uvc: Prevent buffer overflow in setup handler\r\n\r\nSetup function uvc_function_setup permits control transfer\r\nrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),\r\ndata stage handler for OUT transfer uses memcpy to copy req-\u003eactual\r\nbytes to uvc_event-\u003edata.data array of size 60. This may result\r\nin an overflow of 4 bytes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48948"
},
{
"cve": "CVE-2022-48951",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()\r\n\r\nThe bounds checks in snd_soc_put_volsw_sx() are only being applied to the\r\nfirst channel, meaning it is possible to write out of bounds values to the\r\nsecond channel in stereo controls. Add appropriate checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48951"
},
{
"cve": "CVE-2022-48960",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: hisilicon: Fix potential use-after-free in hix5hd2_rx()\r\n\r\nThe skb is delivered to napi_gro_receive() which may free it, after\r\ncalling this, dereferencing skb may trigger use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48960"
},
{
"cve": "CVE-2022-48962",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: hisilicon: Fix potential use-after-free in hisi_femac_rx()\r\n\r\nThe skb is delivered to napi_gro_receive() which may free it, after\r\ncalling this, dereferencing skb may trigger use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48962"
},
{
"cve": "CVE-2022-48966",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: mvneta: Prevent out of bounds read in mvneta_config_rss()\r\n\r\nThe pp-\u003eindir[0] value comes from the user. It is passed to:\r\n\r\n\tif (cpu_online(pp-\u003erxq_def))\r\n\r\ninside the mvneta_percpu_elect() function. It needs bounds checkeding\r\nto ensure that it is not beyond the end of the cpu bitmap.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48966"
},
{
"cve": "CVE-2022-48967",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFC: nci: Bounds check struct nfc_target arrays\r\n\r\nWhile running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:\r\n\r\n memcpy: detected field-spanning write (size 129) of single field \"target-\u003esensf_res\" at net/nfc/nci/ntf.c:260 (size 18)\r\n\r\nThis appears to be a legitimate lack of bounds checking in\r\nnci_add_new_protocol(). Add the missing checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-48967"
},
{
"cve": "CVE-2022-49058",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: potential buffer overflow in handling symlinks\n\nSmatch printed a warning:\n\tarch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:\n\t__memcpy() \u0027dctx-\u003ebuf\u0027 too small (16 vs u32max)\n\nIt\u0027s caused because Smatch marks \u0027link_len\u0027 as untrusted since it comes\nfrom sscanf(). Add a check to ensure that \u0027link_len\u0027 is not larger than\nthe size of the \u0027link_str\u0027 buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-49058"
},
{
"cve": "CVE-2023-4641",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-4641"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-28322",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An information disclosure vulnerability exists in curl \u003cv8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-28322"
},
{
"cve": "CVE-2023-29383",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-29383"
},
{
"cve": "CVE-2023-29491",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-29491"
},
{
"cve": "CVE-2023-41358",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-41358"
},
{
"cve": "CVE-2023-46218",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "summary",
"text": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\u0027s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46753",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-46753"
},
{
"cve": "CVE-2023-47234",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-47234"
},
{
"cve": "CVE-2024-0397",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A defect was discovered in the Python \u201cssl\u201d module where there is a memory\nrace condition with the ssl.SSLContext methods \u201ccert_store_stats()\u201d and\n\u201cget_ca_certs()\u201d. The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "CPython 3.9 and earlier doesn\u0027t disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-5642"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6923",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-11168",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "he urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren\u0027t IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-11168"
},
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-12243",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-28085",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "summary",
"text": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\u0027 terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-32487",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-32487"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52533",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing \u0027\\\\0\u0027 character.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-52533"
},
{
"cve": "CVE-2025-0938",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.0 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109997648/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-0938"
}
]
}
SUSE-SU-2025:02074-1
Vulnerability from csaf_suse - Published: 2025-06-24 07:26 - Updated: 2025-06-24 07:26Summary
Security update for python313
Severity
Important
Notes
Title of the patch: Security update for python313
Description of the patch: This update for python313 fixes the following issues:
Update to version 3.13.5.
Security issues fixed:
- CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2025-4330: extraction filter bypass for linking outside extraction directory (bsc#1244060)
- CVE-2025-4138: may allow symlink targets to point outside the destination directory, and the modification of some file metadata.
(bsc#1244059)
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse (bsc#1236705).
- CVE-2024-12718: bypass extraction filter to modify file metadata outside extraction directory (bsc#1244056)
- CVE-2024-12254: memory exhaustion due to unbounded memory buffering in `SelectorSocketTransport.writelines()`
(bsc#1234290).
Other changes and issues fixed:
Changes from 3.13.5:
- Tests
- gh-135120: Add test.support.subTests().
- Library
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135326: Restore support of integer-like objects with
__index__() in random.getrandbits().
- gh-135321: Raise a correct exception for values greater
than 0x7fffffff for the BINSTRING opcode in the C
implementation of pickle.
- gh-135276: Backported bugfixes in zipfile.Path from
zipp 3.23. Fixed .name, .stem and other basename-based
properties on Windows when working with a zipfile on disk.
- gh-134151: email: Fix TypeError in
email.utils.decode_params() when sorting RFC 2231
continuations that contain an unnumbered section.
- gh-134152: email: Fix parsing of email message ID with
invalid domain.
- gh-127081: Fix libc thread safety issues with os by
replacing getlogin with getlogin_r re-entrant version.
- gh-131884: Fix formatting issues in json.dump() when both
indent and skipkeys are used.
- Core and Builtins
- gh-135171: Roll back changes to generator and list
comprehensions that went into 3.13.4 to fix gh-127682,
but which involved semantic and bytecode changes not
appropriate for a bugfix release.
- C API
- gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and
Py_RETURN_FALSE macros in the limited C API 3.11 and
older: don’t treat Py_None, Py_True and Py_False as
immortal. Patch by Victor Stinner.
- gh-134989: Implement PyObject_DelAttr() and
PyObject_DelAttrString() as macros in the limited C API
3.12 and older. Patch by Victor Stinner.
Changes from 3.13.4:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter='data' and filter='tar') to be
bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-134718: ast.dump() now only omits None and [] values if
they are default values.
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134696: Built-in HACL* and OpenSSL implementations of
hash function constructors now correctly accept the same
documented named arguments. For instance, md5() could be
previously invoked as md5(data=data) or md5(string=string)
depending on the underlying implementation but these calls
were not compatible. Patch by Bénédikt Tran.
- gh-134210: curses.window.getch() now correctly handles
signals. Patch by Bénédikt Tran.
- gh-80334: multiprocessing.freeze_support() now checks for
work on any “spawn” start method platform rather than only
on Windows.
- gh-114177: Fix asyncio to not close subprocess pipes which
would otherwise error out when the event loop is already
closed.
- gh-134152: Fixed UnboundLocalError that could occur during
email header parsing if an expected trailing delimiter is
missing in some contexts.
- gh-62184: Remove import of C implementation of io.FileIO
from Python implementation which has its own implementation
- gh-133982: Emit RuntimeWarning in the Python implementation
of io when the file-like object is not closed explicitly in
the presence of multiple I/O layers.
- gh-133890: The tarfile module now handles
UnicodeEncodeError in the same way as OSError when cannot
extract a member.
- gh-134097: Fix interaction of the new REPL and -X
showrefcount command line option.
- gh-133889: The generated directory listing page in
http.server.SimpleHTTPRequestHandler now only shows the
decoded path component of the requested URL, and not the
query and fragment.
- gh-134098: Fix handling paths that end with
a percent-encoded slash (%2f or %2F) in
http.server.SimpleHTTPRequestHandler.
- gh-134062: ipaddress: fix collisions in __hash__() for
IPv4Network and IPv6Network objects.
- gh-133745: In 3.13.3 we accidentally changed the signature
of the asyncio create_task() family of methods and how it
calls a custom task factory in a backwards incompatible
way. Since some 3rd party libraries have already made
changes to work around the issue that might break if
we simply reverted the changes, we’re instead changing
things to be backwards compatible with 3.13.2 while still
supporting those workarounds for 3.13.3. In particular, the
special-casing of name and context is back (until 3.14) and
consequently eager tasks may still find that their name
hasn’t been set before they execute their first yielding
await.
- gh-71253: Raise ValueError in open() if opener returns a
negative file-descriptor in the Python implementation of io
to match the C implementation.
- gh-77057: Fix handling of invalid markup declarations in
html.parser.HTMLParser.
- gh-133489: random.getrandbits() can now generate more that
231 bits. random.randbytes() can now generate more that 256
MiB.
- gh-133290: Fix attribute caching issue when setting
ctypes._Pointer._type_ in the undocumented and deprecated
ctypes.SetPointerType() function and the undocumented
set_type() method.
- gh-132876: ldexp() on Windows doesn’t round subnormal
results before Windows 11, but should. Python’s
math.ldexp() wrapper now does round them, so results may
change slightly, in rare cases of very small results, on
Windows versions before 11.
- gh-133089: Use original timeout value for
subprocess.TimeoutExpired when the func subprocess.run()
is called with a timeout instead of sometimes a confusing
partial remaining time out value used internally on the
final wait().
- gh-133009: xml.etree.ElementTree: Fix a crash in
Element.__deepcopy__ when the element is concurrently
mutated. Patch by Bénédikt Tran.
- gh-132995: Bump the version of pip bundled in ensurepip to
version 25.1.1
- gh-132017: Fix error when pyrepl is suspended, then resumed
and terminated.
- gh-132673: Fix a crash when using _align_ = 0 and _fields_
= [] in a ctypes.Structure.
- gh-132527: Include the valid typecode ‘w’ in the error
message when an invalid typecode is passed to array.array.
- gh-132439: Fix PyREPL on Windows: characters entered via
AltGr are swallowed. Patch by Chris Eibl.
- gh-132429: Fix support of Bluetooth sockets on NetBSD and
DragonFly BSD.
- gh-132106: QueueListener.start now raises a RuntimeError if
the listener is already started.
- gh-132417: Fix a NULL pointer dereference when a C function
called using ctypes with restype py_object returns NULL.
- gh-132385: Fix instance error suggestions trigger potential
exceptions in object.__getattr__() in traceback.
- gh-132308: A traceback.TracebackException now correctly
renders the __context__ and __cause__ attributes from
falsey Exception, and the exceptions attribute from falsey
ExceptionGroup.
- gh-132250: Fixed the SystemError in cProfile when locating
the actual C function of a method raises an exception.
- gh-132063: Prevent exceptions that evaluate as
falsey (namely, when their __bool__ method returns
False or their __len__ method returns 0) from being
ignored by concurrent.futures.ProcessPoolExecutor and
concurrent.futures.ThreadPoolExecutor.
- gh-119605: Respect follow_wrapped for __init__() and
__new__() methods when getting the class signature for a
class with inspect.signature(). Preserve class signature
after wrapping with warnings.deprecated(). Patch by Xuehai
Pan.
- gh-91555: Ignore log messages generated during handling of
log messages, to avoid deadlock or infinite recursion.
- gh-131434: Improve error reporting for incorrect format in
time.strptime().
- gh-131127: Systems using LibreSSL now successfully build.
- gh-130999: Avoid exiting the new REPL and offer suggestions
even if there are non-string candidates when errors occur.
- gh-130941: Fix configparser.ConfigParser parsing empty
interpolation with allow_no_value set to True.
- gh-129098: Fix REPL traceback reporting when using
compile() with an inexisting file. Patch by Bénédikt Tran.
- gh-130631: http.cookiejar.join_header_words() is now more
similar to the original Perl version. It now quotes the
same set of characters and always quote values that end
with '\n'.
- gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant
in the socket module on Linux systems. It was missing since
Python 3.11.
- gh-124096: Turn on virtual terminal mode and enable
bracketed paste in REPL on Windows console. (If the
terminal does not support bracketed paste, enabling it does
nothing.)
- gh-122559: Remove __reduce__() and __reduce_ex__() methods
that always raise TypeError in the C implementation
of io.FileIO, io.BufferedReader, io.BufferedWriter
and io.BufferedRandom and replace them with default
__getstate__() methods that raise TypeError. This restores
fine details of behavior of Python 3.11 and older versions.
- gh-122179: hashlib.file_digest() now raises BlockingIOError
when no data is available during non-blocking I/O. Before,
it added spurious null bytes to the digest.
- gh-86155: html.parser.HTMLParser.close() no longer loses
data when the <script> tag is not closed. Patch by Waylan
Limberg.
- gh-69426: Fix html.parser.HTMLParser to not unescape
character entities in attribute values if they are followed
by an ASCII alphanumeric or an equals sign.
- bpo-44172: Keep a reference to original curses windows in
subwindows so that the original window does not get deleted
before subwindows.
- Tests
- gh-133744: Fix multiprocessing interrupt test. Add an event
to synchronize the parent process with the child process:
wait until the child process starts sleeping. Patch by
Victor Stinner.
- gh-133639: Fix
TestPyReplAutoindent.test_auto_indent_default() doesn’t run
input_code.
- gh-133131: The iOS testbed will now select the most
recently released “SE-class” device for testing if a device
isn’t explicitly specified.
- gh-109981: The test helper that counts the list of open
file descriptors now uses the optimised /dev/fd approach on
all Apple platforms, not just macOS. This avoids crashes
caused by guarded file descriptors.
- IDLE
- gh-112936: fix IDLE: no Shell menu item in single-process
mode.
- Documentation
- gh-107006: Move documentation and example code for
threading.local from its docstring to the official docs.
- Core and Builtins
- gh-134908: Fix crash when iterating over lines in a text
file on the free threaded build.
- gh-127682: No longer call __iter__ twice in list
comprehensions. This brings the behavior of list
comprehensions in line with other forms of iteration
- gh-134381: Fix RuntimeError when using a not-started
threading.Thread after calling os.fork()
- gh-128066: Fixes an edge case where PyREPL improperly threw
an error when Python is invoked on a read only filesystem
while trying to write history file entries.
- gh-134100: Fix a use-after-free bug that occurs when an
imported module isn’t in sys.modules after its initial
import. Patch by Nico-Posada.
- gh-133703: Fix hashtable in dict can be bigger than
intended in some situations.
- gh-132869: Fix crash in the free threading build when
accessing an object attribute that may be concurrently
inserted or deleted.
- gh-132762: fromkeys() no longer loops forever when adding
a small set of keys to a large base dict. Patch by Angela
Liss.
- gh-133543: Fix a possible memory leak that could occur when
directly accessing instance dictionaries (__dict__) that
later become part of a reference cycle.
- gh-133516: Raise ValueError when constants True, False or
None are used as an identifier after NFKC normalization.
- gh-133441: Fix crash upon setting an attribute with a dict
subclass. Patch by Victor Stinner.
- gh-132942: Fix two races in the type lookup cache. This
affected the free-threaded build and could cause crashes
(apparently quite difficult to trigger).
- gh-132713: Fix repr(list) race condition: hold a strong
reference to the item while calling repr(item). Patch by
Victor Stinner.
- gh-132747: Fix a crash when calling __get__() of a method
with a None second argument.
- gh-132542: Update Thread.native_id after fork(2) to ensure
accuracy. Patch by Noam Cohen.
- gh-124476: Fix decoding from the locale encoding in the
C.UTF-8 locale.
- gh-131927: Compiler warnings originating from the same
module and line number are now only emitted once, matching
the behaviour of warnings emitted from user code. This can
also be configured with warnings filters.
- gh-127682: No longer call __iter__ twice when creating and
executing a generator expression. Creating a generator
expression from a non-interable will raise only when the
generator expression is executed. This brings the behavior
of generator expressions in line with other generators.
- gh-131878: Handle uncaught exceptions in the main input
loop for the new REPL.
- gh-131878: Fix support of unicode characters with two or
more codepoints on Windows in the new REPL.
- gh-130804: Fix support of unicode characters on Windows in
the new REPL.
- gh-130070: Fixed an assertion error for exec() passed a
string source and a non-None closure. Patch by Bartosz
Sławecki.
- gh-129958: Fix a bug that was allowing newlines
inconsitently in format specifiers for single-quoted
f-strings. Patch by Pablo Galindo.
- C API
- gh-132909: Fix an overflow when handling the K format in
Py_BuildValue(). Patch by Bénédikt Tran.
- Changes from version 3.13.3
- Tools/Demos
- gh-131852: msgfmt no longer adds the POT-Creation-Date to
generated .mo files for consistency with GNU msgfmt.
- gh-85012: Correctly reset msgctxt when compiling messages
in msgfmt.
- gh-130025: The iOS testbed now correctly handles symlinks
used as Python framework references.
- Tests
- gh-131050: test_ssl.test_dh_params is skipped if the
underlying TLS library does not support finite-field
ephemeral Diffie-Hellman.
- gh-129200: Multiple iOS testbed runners can now be started
at the same time without introducing an ambiguity over
simulator ownership.
- gh-130292: The iOS testbed will now run successfully on a
machine that has not previously run Xcode tests (such as CI
configurations).
- gh-130293: The tests of terminal colorization are no longer
sensitive to the value of the TERM variable in the testing
environment.
- gh-126332: Add unit tests for pyrepl.
- Security
- gh-131809: Update bundled libexpat to 2.7.1
- gh-131261: Upgrade to libexpat 2.7.0
- gh-127371: Avoid unbounded buffering for
tempfile.SpooledTemporaryFile.writelines(). Previously,
disk spillover was only checked after the lines iterator
had been exhausted. This is now done after each line is
written.
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using
a carefully constructed encoded-word if the resulting
rendered email was transmitted or re-parsed.
- Library
- gh-132174: Fix function name in error message of
_interpreters.run_string.
- gh-132171: Fix crash of _interpreters.run_string on string
subclasses.
- gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN
environment variable knob in subprocess to control the use
of os.posix_spawn().
- gh-132159: Do not shadow user arguments in generated
__new__() by decorator warnings.deprecated. Patch by Xuehai
Pan.
- gh-132075: Fix possible use of socket address structures
with uninitialized members. Now all structure members are
initialized with zeroes by default.
- gh-132002: Fix crash when deallocating
contextvars.ContextVar with weird unahashable string names.
- gh-131668: socket: Fix code parsing AF_BLUETOOTH socket
addresses.
- gh-131492: Fix a resource leak when constructing a
gzip.GzipFile with a filename fails, for example when
passing an invalid compresslevel.
- gh-131325: Fix sendfile fallback implementation to drain
data after writing to transport in asyncio.
- gh-129843: Fix incorrect argument passing in
warnings.warn_explicit().
- gh-131204: Use monospace font from System Font Stack for
cross-platform support in difflib.HtmlDiff.
- gh-130940: The PyConfig.use_system_logger attribute,
introduced in Python 3.13.2, has been removed. The
introduction of this attribute inadvertently introduced an
ABI breakage on macOS and iOS. The use of the system logger
is now enabled by default on iOS, and disabled by default
on macOS.
- gh-131045: Fix issue with __contains__, values, and
pseudo-members for enum.Flag.
- gh-130959: Fix pure-Python implementation of
datetime.time.fromisoformat() to reject times with spaces
in fractional part (for example, 12:34:56.400 +02:00),
matching the C implementation. Patch by Michał Gorny.
- gh-130637: Add validation for numeric response data in
poplib.POP3.stat() method
- gh-130461: Remove .. index:: directives from the uuid
module documentation. These directives previously created
entries in the general index for getnode() as well as
the uuid1(), uuid3(), uuid4(), and uuid5() constructor
functions.
- gh-130379: The zipapp module now calculates the list of
files to be added to the archive before creating the
archive. This avoids accidentally including the target when
it is being created in the source directory.
- gh-130285: Fix corner case for random.sample() allowing the
counts parameter to specify an empty population. So now,
sample([], 0, counts=[]) and sample('abc', k=0, counts=[0,
0, 0]) both give the same result as sample([], 0).
- gh-130250: Fix regression in traceback.print_last().
- gh-130230: Fix crash in pow() with only Decimal third
argument.
- gh-118761: Reverts a change in the previous release
attempting to make some stdlib imports used within the
subprocess module lazy as this was causing errors during
__del__ finalizers calling methods such as terminate, or
kill, or send_signal.
- gh-130164: Fixed failure to raise TypeError in
inspect.Signature.bind() for positional-only arguments
provided by keyword when a variadic keyword argument (e.g.
--kwargs) is present.
- gh-130151: Fix reference leaks in _hashlib.hmac_new() and
_hashlib.hmac_digest(). Patch by Bénédikt Tran.
- gh-130145: Fix asyncio.AbstractEventloop.run_forever() when
another loop is already running.
- gh-129726: Fix gzip.GzipFile raising an unraisable
exception during garbage collection when referring to
a temporary object by breaking the reference loop with
weakref.
- gh-127750: Remove broken functools.singledispatchmethod()
caching introduced in gh-85160.
- gh-129583: Update bundled pip to 25.0.1
- gh-97850: Update the deprecation warning of
importlib.abc.Loader.load_module().
- gh-129646: Update the locale alias mapping in the locale
module to match the latest X Org locale alias mapping and
support new locales in Glibc 2.41.
- gh-129603: Fix bugs where sqlite3.Row objects could
segfault if their inherited description was set to
None. Patch by Erlend Aasland.
- gh-128231: Execution of multiple statements in the new
REPL now stops immediately upon the first exception
encountered. Patch by Bartosz Sławecki.
- gh-117779: Fix reading duplicated entries in zipfile by
name. Reading duplicated entries (except the last one)
by ZipInfo now emits a warning instead of raising an
exception.
- gh-128772: Fix pydoc for methods with the __module__
attribute equal to None.
- gh-92897: Scheduled the deprecation of the check_home
argument of sysconfig.is_python_build() to Python 3.15.
- gh-128657: Fix possible extra reference when using objects
returned by hashlib.sha256() under free threading.
- gh-128703: Fix mimetypes.guess_type() to use default
mapping for empty Content-Type in registry.
- gh-128308: Support the name keyword argument
for eager tasks in asyncio.loop.create_task(),
asyncio.create_task() and asyncio.TaskGroup.create_task(),
by passing on all kwargs to the task factory set by
asyncio.loop.set_task_factory().
- gh-128388: Fix PyREPL on Windows to support more
keybindings, like the Control-← and Control-→ word-skipping
keybindings and those with meta (i.e. Alt), e.g. Alt-d to
kill-word or Alt-Backspace backward-kill-word.
- gh-126037: xml.etree.ElementTree: Fix a crash in
Element.find, Element.findtext and Element.findall when
the tag to find implements an __eq__() method mutating the
element being queried. Patch by Bénédikt Tran.
- gh-127712: Fix handling of the secure argument of
logging.handlers.SMTPHandler.
- gh-126033: xml.etree.ElementTree: Fix a crash in
Element.remove when the element is concurrently
mutated. Patch by Bénédikt Tran.
- gh-118201: Fixed intermittent failures of os.confstr,
os.pathconf and os.sysconf on iOS and Android.
- gh-124927: Non-printing characters are now properly handled
in the new REPL.
- IDLE
- gh-129873: Simplify displaying the IDLE doc by only copying
the text section of idle.html to idlelib/help.html. Patch
by Stan Ulbrych.
- Documentation
- gh-131417: Mention asyncio.Future and asyncio.Task in
generic classes list.
- gh-125722: Require Sphinx 8.2.0 or later to build the
Python documentation. Patch by Adam Turner.
- gh-129712: The wheel tags supported by each macOS universal
SDK option are now documented.
- gh-46236: C API: Document PyUnicode_RSplit(),
PyUnicode_Partition() and PyUnicode_RPartition().
- Core and Builtins
- gh-132011: Fix crash when calling list.append() as an
unbound method.
- gh-131998: Fix a crash when using an unbound method
descriptor object in a function where a bound method
descriptor was used.
- gh-131988: Fix a performance regression that caused scaling
bottlenecks in the free threaded build in 3.13.1 and
3.13.2.
- gh-131719: Fix missing NULL check in _PyMem_FreeDelayed in
free-threaded build.
- gh-131670: Fix anext() failing on sync __anext__() raising
an exception.
- gh-131141: Fix data race in sys.monitoring instrumentation
while registering callback.
- gh-130932: Fix incorrect exception handling in
_PyModule_IsPossiblyShadowing
- gh-130851: Fix a crash in the free threading build when
constructing a code object with co_consts that contains
instances of types that are not otherwise generated by the
bytecode compiler.
- gh-130794: Fix memory leak in the free threaded build
when resizing a shared list or dictionary from multiple
short-lived threads.
- gh-130775: Do not crash on negative column and end_column
in ast locations.
- gh-130382: Fix PyRefTracer_DESTROY not being sent from
Python/ceval.c Py_DECREF().
- gh-130618: Fix a bug that was causing UnicodeDecodeError or
SystemError to be raised when using f-strings with lambda
expressions with non-ASCII characters. Patch by Pablo
Galindo
- gh-130163: Fix possible crashes related to concurrent
change and use of the sys module attributes.
- gh-88887: Fixing multiprocessing Resource Tracker process
leaking, usually observed when running Python as PID 1.
- gh-130115: Fix an issue with thread identifiers being
sign-extended on some platforms.
- gh-128396: Fix a crash that occurs when calling locals()
inside an inline comprehension that uses the same local
variable as the outer frame scope where the variable is a
free or cell var.
- gh-116042: Fix location for SyntaxErrors of invalid escapes
in the tokenizer. Patch by Pablo Galindo
- gh-129983: Fix data race in compile_template in sre.c.
- gh-129967: Fix a race condition in the free threading build
when repr(set) is called concurrently with set.clear().
- gh-129900: Fix return codes inside SystemExit not getting
returned by the REPL.
- gh-129732: Fixed a race in _Py_qsbr_reserve in the free
threading build.
- gh-129643: Fix thread safety of PyList_Insert() in
free-threading builds.
- gh-129668: Fix race condition when raising MemoryError in
the free threaded build.
- gh-129643: Fix thread safety of PyList_SetItem() in
free-threading builds. Patch by Kumar Aditya.
- gh-128714: Fix the potential races in get/set dunder
methods __annotations__, __annotate__ and __type_params__
for function object, and add related tests.
- gh-128632: Disallow __classdict__ as the name of a type
parameter. Using this name would previously crash the
interpreter in some circumstances.
- gh-127953: The time to handle a LINE event in
sys.monitoring (and sys.settrace) is now independent of the
number of lines in the code object.
- gh-125331: from __future__ import barry_as_FLUFL now works
in more contexts, including when it is used in files,
with the -c flag, and in the REPL when there are multiple
statements on the same line. Previously, it worked only
on subsequent lines in the REPL, and when the appropriate
flags were passed directly to compile(). Patch by Pablo
Galindo.
- C API
- gh-131740: Update PyUnstable_GC_VisitObjects to traverse
perm gen.
- gh-129533: Update PyGC_Enable(), PyGC_Disable(),
PyGC_IsEnabled() to use atomic operation for thread-safety
at free-threading build. Patch by Donghee Na.
- Build
- gh-131865: The DTrace build now properly passes the CC
and CFLAGS variables to the dtrace command when utilizing
SystemTap on Linux.
- gh-131675: Fix mimalloc library builds for 32-bit ARM
targets.
- gh-130673: Fix potential KeyError when handling object
sections during JIT building process.
- gh-130740: Ensure that Python.h is included before
stdbool.h unless pyconfig.h is included before or in some
platform-specific contexts.
- gh-129838: Don’t redefine _Py_NO_SANITIZE_UNDEFINED when
compiling with a recent GCC version and undefined sanitizer
enabled.
- gh-129660: Drop test_embed from PGO training, whose
contribution in recent versions is considered to be
ignorable.
- Changes from version 3.13.2:
- Tools/Demos
- gh-128152: Fix a bug where Argument Clinic’s C
pre-processor parser tried to parse pre-processor
directives inside C comments. Patch by Erlend Aasland.
- Tests
- gh-127906: Test the limited C API in test_cppext. Patch by
Victor Stinner.
- gh-127637: Add tests for the dis command-line
interface. Patch by Bénédikt Tran.
- gh-126925: iOS test results are now streamed during test
execution, and the deprecated xcresulttool is no longer
used.
- Security
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject
domain names containing square brackets ([ and ]). Square
brackets are only valid for IPv6 and IPvFuture hosts
according to RFC 3986 Section 3.2.2. (CVE-2025-0938,
bsc#1236705)
- gh-127655: Fixed the
asyncio.selector_events._SelectorSocketTransport
transport not pausing writes for the protocol when
the buffer reaches the high water mark when using
asyncio.WriteTransport.writelines() (CVE-2024-12254,
bsc#1234290).
- gh-126108: Fix a possible NULL pointer dereference in
PySys_AddWarnOptionUnicode().
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so
that it spanned more than one line, the surrounding
quotes and internal escapes would be omitted. This could
theoretically be used to spoof header lines using a
carefully constructed quoted string if the resulting
rendered email was transmitted or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On
many systems this is harmless as unused virtual memory is
only a mapping, but if this hit a virtual address size
limit it could lead to a MemoryError or other process
crash. On unusual systems or builds where all allocated
memory is touched and backed by actual ram or storage
it could’ve consumed resources doing so until similarly
crashing.
- Library
- gh-129502: Unlikely errors in preparing arguments for
ctypes callback are now handled in the same way as errors
raised in the callback of in converting the result of
the callback – using sys.unraisablehook() instead of
sys.excepthook() and not setting sys.last_exc and other
variables.
- gh-129403: Corrected ValueError message for asyncio.Barrier
and threading.Barrier.
- gh-129409: Fix an integer overflow in the csv module when
writing a data field larger than 2GB.
- gh-118761: Improve import time of subprocess by lazy
importing locale and signal. Patch by Taneli Hukkinen.
- gh-129346: In sqlite3, handle out-of-memory when creating
user-defined SQL functions.
- gh-129061: Fix FORCE_COLOR and NO_COLOR when empty
strings. Patch by Hugo van Kemenade.
- gh-128550: Removed an incorrect optimization relating
to eager tasks in asyncio.TaskGroup that resulted in
cancellations being missed.
- gh-128991: Release the enter frame reference within bdb
callback
- gh-128978: Fix a NameError in
sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran.
- gh-128961: Fix a crash when setting state on an exhausted
array.array iterator.
- gh-128894: Fix
traceback.TracebackException._format_syntax_error not to
fail on exceptions with custom metadata.
- gh-128916: Do not attempt to set SO_REUSEPORT on sockets of
address families other than AF_INET and AF_INET6, as it is
meaningless with these address families, and the call with
fail with Linux kernel 6.12.9 and newer.
- gh-128679: Fix tracemalloc.stop() race condition. Fix
tracemalloc to support calling tracemalloc.stop() in
one thread, while another thread is tracing memory
allocations. Patch by Victor Stinner.
- gh-128636: Fix PyREPL failure when os.environ is
overwritten with an invalid value.
- gh-128562: Fix possible conflicts in generated tkinter
widget names if the widget class name ends with a digit.
- gh-128498: Default to stdout isatty for color detection
instead of stderr. Patch by Hugo van Kemenade.
- gh-128552: Fix cyclic garbage introduced
by asyncio.loop.create_task() and
asyncio.TaskGroup.create_task() holding a reference to the
created task if it is eager.
- gh-128479: Fix asyncio.staggered.staggered_race() leaking
tasks and issuing an unhandled exception.
- gh-128400: Fix crash when using
faulthandler.dump_traceback() while other threads are
active on the free threaded build.
- gh-88834: Unify the instance check for typing.Union and
types.UnionType: Union now uses the instance checks against
its parameters instead of the subclass checks.
- gh-128302: Fix
xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which
was broken by the Python 3.0 transition.
- gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse()
to correctly handle xml.dom.xmlbuilder.DOMInputSource
instances that only have a systemId attribute set.
- gh-112064: Fix incorrect handling of negative read sizes in
HTTPResponse.read. Patch by Yury Manushkin.
- gh-58956: Fixed a frame reference leak in bdb.
- gh-128131: Completely support random access of uncompressed
unencrypted read-only zip files obtained by ZipFile.open.
- gh-112328: enum.EnumDict can now be used without resorting
to private API.
- gh-127975: Avoid reusing quote types in ast.unparse() if
not needed.
- gh-128062: Revert the font of turtledemo’s menu bar to its
default value and display the shortcut keys in the correct
position.
- gh-128014: Fix resetting the default window icon by passing
default='' to the tkinter method wm_iconbitmap().
- gh-115514: Fix exceptions and incomplete writes after
asyncio._SelectorTransport is closed before writes are
completed.
- gh-41872: Fix quick extraction of module docstrings from
a file in pydoc. It now supports docstrings with single
quotes, escape sequences, raw string literals, and other
Python syntax.
- gh-127060: Set TERM environment variable to “dumb” to
disable traceback colors in IDLE, since IDLE doesn’t
understand ANSI escape sequences. Patch by Victor Stinner.
- gh-126742: Fix support of localized error messages reported
by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu
functions respectively. Patch by Bénédikt Tran.
- gh-127873: When -E is set, only ignore PYTHON_COLORS
and not FORCE_COLOR/NO_COLOR/TERM when colourising
output. Patch by Hugo van Kemenade.
- gh-127870: Detect recursive calls in ctypes _as_parameter_
handling. Patch by Victor Stinner.
- gh-127847: Fix the position when doing interleaved seeks
and reads in uncompressed, unencrypted zip files returned
by zipfile.ZipFile.open().
- gh-127732: The platform module now correctly detects
Windows Server 2025.
- gh-126821: macOS and iOS apps can now choose to redirect
stdout and stderr to the system log during interpreter
configuration.
- gh-93312: Include <sys/pidfd.h> to get os.PIDFD_NONBLOCK
constant. Patch by Victor Stinner.
- gh-83662: Add missing __class_getitem__ method to the
Python implementation of functools.partial(), to make it
compatible with the C version. This is mainly relevant for
alternative Python implementations like PyPy and GraalPy,
because CPython will usually use the C-implementation of
that function.
- gh-127586: multiprocessing.pool.Pool now properly restores
blocked signal handlers of the parent thread when creating
processes via either spawn or forkserver.
- gh-98188: Fix an issue in
email.message.Message.get_payload() where data cannot be
decoded if the Content Transfer Encoding mechanism contains
trailing whitespaces or additional junk text. Patch by Hui
Liu.
- gh-127257: In ssl, system call failures that OpenSSL
reports using ERR_LIB_SYS are now raised as OSError.
- gh-127096: Do not recreate unnamed section on every read in
configparser.ConfigParser. Patch by Andrey Efremov.
- gh-127196: Fix crash when dict with keys in invalid
encoding were passed to several functions in _interpreters
module.
- gh-126775: Make linecache.checkcache() thread safe and GC
re-entrancy safe.
- gh-126332: Fix _pyrepl crash when entering a double CTRL-Z
on an overflowing line.
- gh-126225: getopt and optparse are no longer marked as
deprecated. There are legitimate reasons to use one of
these modules in preference to argparse, and none of these
modules are at risk of being removed from the standard
library. Of the three, argparse remains the recommended
default choice, unless one of the concerns noted at the top
of the optparse module documentation applies.
- gh-125553: Fix round-trip invariance for backslash
continuations in tokenize.untokenize().
- gh-123987: Fixed issue in NamespaceReader where a non-path
item in a namespace path, such as a sentinel added by an
editable installer, would break resource loading.
- gh-123401: The http.cookies module now supports parsing
obsolete RFC 850 date formats, in accordance with RFC 9110
requirements. Patch by Nano Zheng.
- gh-122431: readline.append_history_file() now raises a
ValueError when given a negative value.
- gh-119257: Show tab completions menu below the current
line, which results in less janky behaviour, and fixes a
cursor movement bug. Patch by Daniel Hollas
- Documentation
- gh-125722: Require Sphinx 8.1.3 or later to build the
Python documentation. Patch by Adam Turner.
- gh-67206: Document that string.printable is not
printable in the POSIX sense. In particular,
string.printable.isprintable() returns False. Patch by
Bénédikt Tran.
- Core and Builtins
- gh-129345: Fix null pointer dereference in syslog.openlog()
when an audit hook raises an exception.
- gh-129093: Fix f-strings such as f'{expr=}' sometimes not
displaying the full expression when the expression contains
!=.
- gh-124363: Treat debug expressions in f-string as raw
strings. Patch by Pablo Galindo
- gh-128799: Add frame of except* to traceback when it wraps
a naked exception.
- gh-128078: Fix a SystemError when using anext() with a
default tuple value. Patch by Bénédikt Tran.
- gh-128717: Fix a crash when setting the recursion limit
while other threads are active on the free threaded build.
- gh-128330: Restore terminal control characters on REPL
exit.
- gh-128079: Fix a bug where except* does not properly check
the return value of an ExceptionGroup’s split() function,
leading to a crash in some cases. Now when split() returns
an invalid object, except* raises a TypeError with the
original raised ExceptionGroup object chained to it.
- gh-128030: Avoid error from calling
PyModule_GetFilenameObject on a non-module object when
importing a non-existent symbol from a non-module object.
- gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG
builds in _copy_characters when there is nothing to copy.
- gh-127599: Fix statistics for increments of object
reference counts (in particular, when a reference count was
increased by more than 1 in a single operation).
- gh-127651: When raising ImportError for missing symbols
in from imports, use __file__ in the error message if
__spec__.origin is not a location
- gh-127582: Fix non-thread-safe object resurrection when
calling finalizers and watcher callbacks in the free
threading build.
- gh-127434: The iOS compiler shims can now accept arguments
with spaces.
- gh-127536: Add missing locks around some list assignment
operations in the free threading build.
- gh-126862: Fix a possible overflow when a class inherits
from an absurd number of super-classes. Reported by Valery
Fedorenko. Patch by Bénédikt Tran.
- gh-127349: Fixed the error when resizing terminal in Python
REPL. Patch by Semyon Moroz.
- gh-126076: Relocated objects such as tuple, bytes and
str objects are properly tracked by tracemalloc and its
associated hooks. Patch by Pablo Galindo.
- C API
- gh-127791: Fix loss of callbacks after more than one call
to PyUnstable_AtExit().
- Build
- gh-129539: Don’t redefine EX_OK when the system has the
sysexits.h header.
- gh-128472: Skip BOLT optimization of functions using
computed gotos, fixing errors on build with LLVM 19.
- gh-123925: Fix building the curses module on platforms with
libncurses but without libncursesw.
- gh-128321: Set LIBS instead of LDFLAGS when checking if
sqlite3 library functions are available. This fixes the
ordering of linked libraries during checks, which was
incorrect when using a statically linked libsqlite3.
- gh-127865: Fix build failure on systems without
thread-locals support.
- Changes from version 3.13.1:
- Tools/Demos
- gh-126807: Fix extraction warnings in pygettext.py caused
by mistaking function definitions for function calls.
- gh-126167: The iOS testbed was modified so that it can be
used by third-party projects for testing purposes.
- Tests
- gh-126909: Fix test_os extended attribute tests to work on
filesystems with 1 KiB xattr size limit.
- gh-125041: Re-enable skipped tests for zlib on the
s390x architecture: only skip checks of the compressed
bytes, which can be different between zlib’s software
implementation and the hardware-accelerated implementation.
- gh-124295: Add translation tests to the argparse module.
- Security
- gh-126623: Upgrade libexpat to 2.6.4
- gh-125140: Remove the current directory from sys.path when
using PyREPL.
- gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
consistently use the mapped IPv4 address value for deciding
properties. Properties which have their behavior fixed are
is_multicast, is_reserved, is_link_local, is_global, and
is_unspecified.
- Library
- gh-127321: pdb.set_trace() will not stop at an opcode that
does not have an associated line number anymore.
- gh-127303: Publicly expose EXACT_TOKEN_TYPES in
token.__all__.
- gh-123967: Fix faulthandler for trampoline frames. If the
top-most frame is a trampoline frame, skip it. Patch by
Victor Stinner.
- gh-127182: Fix io.StringIO.__setstate__() crash, when None
was passed as the first value.
- gh-127217: Fix urllib.request.pathname2url() for paths
starting with multiple slashes on Posix.
- gh-127035: Fix shutil.which on Windows. Now it looks at
direct match if and only if the command ends with a PATHEXT
extension or X_OK is not in mode. Support extensionless
files if “.” is in PATHEXT. Support PATHEXT extensions that
end with a dot.
- gh-122273: Support PyREPL history on Windows. Patch by
devdanzin and Victor Stinner.
- gh-127078: Fix issue where urllib.request.url2pathname()
failed to discard an extra slash before a UNC drive in the
URL path on Windows.
- gh-126766: Fix issue where urllib.request.url2pathname()
failed to discard any ‘localhost’ authority present in the
URL.
- gh-127065: Fix crash when calling a operator.methodcaller()
instance from multiple threads in the free threading build.
- gh-126997: Fix support of STRING and GLOBAL opcodes with
non-ASCII arguments in pickletools. pickletools.dis()
now outputs non-ASCII bytes in STRING, BINSTRING and
SHORT_BINSTRING arguments as escaped (\xXX).
- gh-126316: grp: Make grp.getgrall() thread-safe by adding a
mutex. Patch by Victor Stinner.
- gh-126618: Fix the representation of itertools.count
objects when the count value is sys.maxsize.
- gh-85168: Fix issue where urllib.request.url2pathname() and
pathname2url() always used UTF-8 when quoting and unquoting
file URIs. They now use the filesystem encoding and error
handler.
- gh-67877: Fix memory leaks when regular expression matching
terminates abruptly, either because of a signal or because
memory allocation fails.
- gh-126789: Fixed the values of sysconfig.get_config_vars(),
sysconfig.get_paths(), and their siblings when the site
initialization happens after sysconfig has built a cache
for sysconfig.get_config_vars().
- gh-126188: Update bundled pip to 24.3.1
- gh-126780: Fix os.path.normpath() for drive-relative paths
on Windows.
- gh-126766: Fix issue where urllib.request.url2pathname()
failed to discard two leading slashes introducing an empty
authority section.
- gh-126727: locale.nl_langinfo(locale.ERA) now returns
multiple era description segments separated by
semicolons. Previously it only returned the first segment
on platforms with Glibc.
- gh-126699: Allow collections.abc.AsyncIterator to be a base
for Protocols.
- gh-126654: Fix crash when non-dict was passed to several
functions in _interpreters module.
- gh-104745: Limit starting a patcher (from
unittest.mock.patch() or unittest.mock.patch.object()) more
than once without stopping it
- gh-126595: Fix a crash when instantiating itertools.count
with an initial count of sys.maxsize on debug builds. Patch
by Bénédikt Tran.
- gh-120423: Fix issue where urllib.request.pathname2url()
mishandled Windows paths with embedded forward slashes.
- gh-126565: Improve performances of zipfile.Path.open() for
non-reading modes.
- gh-126505: Fix bugs in compiling case-insensitive regular
expressions with character classes containing non-BMP
characters: upper-case non-BMP character did was ignored
and the ASCII flag was ignored when matching a character
range whose upper bound is beyond the BMP region.
- gh-117378: Fixed the multiprocessing 'forkserver'
start method forkserver process to correctly inherit
the parent’s sys.path during the importing of
multiprocessing.set_forkserver_preload() modules in the
same manner as sys.path is configured in workers before
executing work items.
- This bug caused some forkserver module preloading to
silently fail to preload. This manifested as a performance
degration in child processes when the sys.path was required
due to additional repeated work in every worker.
- It could also have a side effect of '' remaining in
sys.path during forkserver preload imports instead of the
absolute path from os.getcwd() at multiprocessing import
time used in the worker sys.path.
- The sys.path differences between phases in the child
process could potentially have caused preload to import
incorrect things from the wrong location. We are unaware of
that actually having happened in practice.
- gh-125679: The multiprocessing.Lock and
multiprocessing.RLock repr values no longer say “unknown”
on macOS.
- gh-126476: Raise calendar.IllegalMonthError (now a subclass
of IndexError) for calendar.month() when the input month is
not correct.
- gh-126489: The Python implementation of pickle no longer
calls pickle.Pickler.persistent_id() for the result of
persistent_id().
- gh-126313: Fix an issue in curses.napms() when
curses.initscr() has not yet been called. Patch by Bénédikt
Tran.
- gh-126303: Fix pickling and copying of os.sched_param
objects.
- gh-126138: Fix a use-after-free crash on asyncio.Task
objects whose underlying coroutine yields an object that
implements an evil __getattribute__(). Patch by Nico
Posada.
- gh-126220: Fix crash in cProfile.Profile and
_lsprof.Profiler when their callbacks were directly called
with 0 arguments.
- gh-126212: Fix issue where urllib.request.pathname2url()
and url2pathname() removed slashes from Windows DOS drive
paths and URLs.
- gh-126223: Raise a UnicodeEncodeError instead of a
SystemError upon calling _interpreters.create() with an
invalid Unicode character.
- gh-126205: Fix issue where urllib.request.pathname2url()
generated URLs beginning with four slashes (rather than
two) when given a Windows UNC path.
- gh-126105: Fix a crash in ast when the ast.AST._fields
attribute is deleted.
- gh-126106: Fixes a possible NULL pointer dereference in
ssl.
- gh-126080: Fix a use-after-free crash on asyncio.Task
objects for which the underlying event loop implements an
evil __getattribute__(). Reported by Nico-Posada. Patch by
Bénédikt Tran.
- gh-126083: Fixed a reference leak in asyncio.Task objects
when reinitializing the same object with a non-None
context. Patch by Nico Posada.
- gh-125984: Fix use-after-free crashes on asyncio.Future
objects for which the underlying event loop implements an
evil __getattribute__(). Reported by Nico-Posada. Patch by
Bénédikt Tran.
- gh-125969: Fix an out-of-bounds crash when an evil
asyncio.loop.call_soon() mutates the length of the internal
callbacks list. Patch by Bénédikt Tran.
- gh-125966: Fix a use-after-free crash in
asyncio.Future.remove_done_callback(). Patch by Bénédikt
Tran.
- gh-125789: Fix possible crash when mutating list of
callbacks returned by asyncio.Future._callbacks. It
now always returns a new copy in C implementation
_asyncio. Patch by Kumar Aditya.
- gh-124452: Fix an issue in
email.policy.EmailPolicy.header_source_parse() and
email.policy.Compat32.header_source_parse() that introduced
spurious leading whitespaces into header values when the
header includes a newline character after the header name
delimiter (:) and before the value.
- gh-125884: Fixed the bug for pdb where it can’t set
breakpoints on functions with certain annotations.
- gh-125355: Fix several bugs in
argparse.ArgumentParser.parse_intermixed_args().
- The parser no longer changes temporarily during
parsing.
- Default values are not processed twice.
- Required mutually exclusive groups containing
positional arguments are now supported.
- The missing arguments report now includes the names of
all required optional and positional arguments.
- Unknown options can be intermixed with positional
arguments in parse_known_intermixed_args().
- gh-125666: Avoid the exiting the interpreter if a null byte
is given as input in the new REPL.
- gh-125710: [Enum] fix hashable<->nonhashable comparisons
for member values
- gh-125631: Restore ability to set persistent_id and
persistent_load attributes of instances of the Pickler and
Unpickler classes in the pickle module.
- gh-125378: Fixed the bug in pdb where after a multi-line
command, an empty line repeats the first line of the
multi-line command, instead of the full command.
- gh-125682: Reject non-ASCII digits in the Python
implementation of json.loads() conforming to the JSON
specification.
- gh-125660: Reject invalid unicode escapes for Python
implementation of json.loads().
- gh-125259: Fix the notes removal logic for errors thrown in
enum initialization.
- gh-125590: Allow FrameLocalsProxy to delete and pop if the
key is not a fast variable.
- gh-125519: Improve traceback if importlib.reload() is
called with an object that is not a module. Patch by Alex
Waygood.
- gh-125451: Fix deadlock when
concurrent.futures.ProcessPoolExecutor shuts down
concurrently with an error when feeding a job to a worker
process.
- gh-125422: Fixed the bug where pdb and bdb can step into
the bottom caller frame.
- gh-100141: Fixed the bug where pdb will be stuck in an
infinite loop when debugging an empty file.
- gh-125115: Fixed a bug in pdb where arguments starting with
- can’t be passed to the debugged script.
- gh-53203: Fix time.strptime() for %c, %x and %X formats
in many locales that use non-ASCII digits, like Persian,
Burmese, Odia and Shan.
- gh-125398: Fix the conversion of the VIRTUAL_ENV path in
the activate script in venv when running in Git Bash for
Windows.
- gh-125316: Fix using functools.partial() as enum.Enum
member. A FutureWarning with suggestion to use
enum.member() is now emitted when the partial instance is
used as an enum member.
- gh-125245: Fix race condition when importing
collections.abc, which could incorrectly return an empty
module.
- gh-125243: Fix data race when creating zoneinfo.ZoneInfo
objects in the free threading build.
- gh-125254: Fix a bug where ArgumentError includes the
incorrect ambiguous option in argparse.
- gh-125235: Keep tkinter TCL paths in venv pointing to base
installation on Windows.
- gh-61011: Fix inheritance of nested mutually
exclusive groups from parent parser in
argparse.ArgumentParser. Previously, all nested mutually
exclusive groups lost their connection to the group
containing them and were displayed as belonging directly to
the parser.
- gh-52551: Fix encoding issues in time.strftime(), the
strftime() method of the datetime classes datetime, date
and time and formatting of these classes. Characters
not encodable in the current locale are now acceptable
in the format string. Surrogate pairs and sequence
of surrogatescape-encoded bytes are no longer
recombinated. Embedded null character no longer terminates
the format string.
- gh-125118: Don’t copy arbitrary values to _Bool in the
struct module.
- gh-125069: Fix an issue where providing a pathlib.PurePath
object as an initializer argument to a second PurePath
object with a different parser resulted in arguments to
the former object’s initializer being joined by the latter
object’s parser.
- gh-125096: If the PYTHON_BASIC_REPL environment variable
is set, the site module no longer imports the _pyrepl
module. Moreover, the site module now respects -E and -I
command line options: ignore PYTHON_BASIC_REPL in this
case. Patch by Victor Stinner.
- gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on
platforms with glibc. Now it returns a string consisting of
up to 100 semicolon-separated symbols (an empty string in
most locales) on all Posix platforms. Previously it only
returned the first symbol or an empty string.
- gh-124960: Fix support for the barry_as_FLUFL future flag
in the new REPL.
- gh-124984: Fixed thread safety in ssl in the free-threaded
build. OpenSSL operations are now protected by a per-object
lock.
- gh-124958: Fix refcycles in exceptions raised from
asyncio.TaskGroup and the python implementation of
asyncio.Future
- gh-53203: Fix time.strptime() for %c and %x formats in many
locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash,
Estonian, French, Irish, Ge’ez, Gurajati, Manx Gaelic,
Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese,
Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk,
Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese,
Yau/Nungon and Chinese.
- gh-124917: Allow calling os.path.exists() and
os.path.lexists() with keyword arguments on Windows. Fixes
a regression in 3.13.0.
- gh-124653: Fix detection of the minimal Queue API needed by
the logging module. Patch by Bénédikt Tran.
- gh-124858: Fix reference cycles left in tracebacks
in asyncio.open_connection() when used with
happy_eyeballs_delay
- gh-124390: Fixed AssertionError when using
asyncio.staggered.staggered_race() with
asyncio.eager_task_factory.
- gh-124651: Properly quote template strings in venv
activation scripts (bsc#1232241, CVE-2024-9287).
- gh-116850: Fix argparse for namespaces with not directly
writable dict (e.g. classes).
- gh-58573: Fix conflicts between abbreviated long options in
the parent parser and subparsers in argparse.
- gh-124594: All asyncio REPL prompts run in the same
context. Contributed by Bartosz Sławecki.
- gh-61181: Fix support of choices with string value in
argparse. Substrings of the specified string no longer
considered valid values.
- gh-80259: Fix argparse support of positional arguments with
nargs='?', default=argparse.SUPPRESS and specified type.
- gh-120378: Fix a crash related to an integer overflow in
curses.resizeterm() and curses.resize_term().
- gh-123884: Fixed bug in itertools.tee() handling of other
tee inputs (a tee in a tee). The output now has the
promised n independent new iterators. Formerly, the first
iterator was identical (not independent) to the input
iterator. This would sometimes give surprising results.
- gh-58956: Fixed a bug in pdb where sometimes the breakpoint
won’t trigger if it was set on a function which is already
in the call stack.
- gh-124345: argparse vim supports abbreviated single-dash
long options separated by = from its value.
- gh-104860: Fix disallowing abbreviation of single-dash long
options in argparse with allow_abbrev=False.
- gh-63143: Fix parsing mutually exclusive arguments in
argparse. Arguments with the value identical to the default
value (e.g. booleans, small integers, empty or 1-character
strings) are no longer considered “not present”.
- gh-72795: Positional arguments with nargs equal to '*' or
argparse.REMAINDER are no longer required. This allows to
use positional argument with nargs='*' and without default
in mutually exclusive group and improves error message
about required arguments.
- gh-59317: Fix parsing positional argument with nargs equal
to '?' or '*' if it is preceded by an option and another
positional argument.
- gh-53780: argparse now ignores the first '--' (double dash)
between an option and command.
- gh-124217: Add RFC 9637 reserved IPv6 block 3fff::/20 in
ipaddress module.
- gh-81691: Fix handling of multiple '--' (double dashes)
in argparse. Only the first one has now been removed, all
subsequent ones are now taken literally.
- gh-123978: Remove broken time.thread_time() and
time.thread_time_ns() on NetBSD.
- gh-124008: Fix possible crash (in debug build), incorrect
output or returning incorrect value from raw binary write()
when writing to console on Windows.
- gh-123935: Fix parent slots detection for dataclasses that
inherit from classes with __dictoffset__.
- gh-122765: Fix unbalanced quote errors occurring when
activate.csh in venv was sourced with a custom prompt
containing unpaired quotes or newlines.
- gh-123370: Fix the canvas not clearing after running
turtledemo clock.
- gh-116810: Resolve a memory leak introduced in CPython
3.10’s ssl when the ssl.SSLSocket.session property was
accessed. Speeds up read and write access to said property
by no longer unnecessarily cloning session objects via
serialization.
- gh-120754: Update unbounded read calls in zipfile to
specify an explicit size putting a limit on how much data
they may read. This also updates handling around ZIP max
comment size to match the standard instead of reading
comments that are one byte too long.
- gh-70764: Fixed an issue where inspect.getclosurevars()
would incorrectly classify an attribute name as a global
variable when the name exists both as an attribute name and
a global variable.
- gh-118289: posixpath.realpath() now raises
NotADirectoryError when strict mode is enabled and a
non-directory path with a trailing slash is supplied.
- gh-119826: Always return an absolute path for
os.path.abspath() on Windows.
- gh-117766: Always use str() to print choices in argparse.
- gh-101955: Fix SystemError when match regular expression
pattern containing some combination of possessive
quantifier, alternative and capture group.
- gh-88110: Fixed multiprocessing.Process reporting a
.exitcode of 1 even on success when using the 'fork' start
method while using a concurrent.futures.ThreadPoolExecutor.
- gh-71936: Fix a race condition in
multiprocessing.pool.Pool.
- bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack
frames from reported stacktraces.
- bpo-14074: Fix argparse metavar processing to allow
positional arguments to have a tuple metavar.
- IDLE
- gh-122392: Increase currently inadequate vertical spacing
for the IDLE browsers (path, module, and stack) on
high-resolution monitors.
- Documentation
- gh-126622: Added stub pages for removed modules explaining
their removal, where to find replacements, and linking to
the last Python version that supported them. Contributed by
Ned Batchelder.
- gh-125277: Require Sphinx 7.2.6 or later to build the
Python documentation. Patch by Adam Turner.
- gh-124872: Added definitions for context, current
context, and context management protocol, updated
related definitions to be consistent, and expanded the
documentation for contextvars.Context.
- gh-125018: The importlib.metadata documentation now
includes semantic cross-reference targets for the
significant documented APIs. This means intersphinx
references like importlib.metadata.version() will now work
as expected.
- gh-70870: Clarified the dual usage of the term “free
variable” (both the formal meaning of any reference
to names defined outside the local scope, and the
narrower pragmatic meaning of nonlocal variables named in
co_freevars).
- gh-121277: Writers of CPython’s documentation can now use
next as the version for the versionchanged, versionadded,
deprecated directives.
- gh-60712: Include the object type in the lists of
documented types. Change by Furkan Onder and Martin Panter.
- bpo-34008: The Py_Main() documentation moved from the
“Very High Level API” section to the “Initialization and
Finalization” section.
- Also make it explicit that we expect Py_Main to
typically be called instead of Py_Initialize rather
than after it (since Py_Main makes its own call to
Py_Initialize). Document that calling both is supported
but is version dependent on which settings will be applied
correctly.
- Core and Builtins
- gh-113841: Fix possible undefined behavior division by zero
in complex’s _Py_c_pow().
- gh-127020: Fix a crash in the free threading build
when PyCode_GetCode(), PyCode_GetVarnames(),
PyCode_GetCellvars(), or PyCode_GetFreevars() were called
from multiple threads at the same time.
- gh-126980: Fix __buffer__() of bytearray crashing when READ
or WRITE are passed as flags.
- gh-126881: Fix crash in finalization of dtoa state. Patch
by Kumar Aditya.
- gh-126341: Now ValueError is raised instead of SystemError
when trying to iterate over a released memoryview object.
- gh-126688: Fix a crash when calling os.fork() on some
operating systems, including SerenityOS.
- gh-126066: Fix importlib to not write an incomplete
.pyc files when a ulimit or some other operating system
mechanism is preventing the write to go through fully.
- gh-126312: Fix crash during garbage collection on an object
frozen by gc.freeze() on the free-threaded build.
- gh-126139: Provide better error location when attempting to
use a future statement with an unknown future feature.
- gh-126018: Fix a crash in sys.audit() when passing a
non-string as first argument and Python was compiled in
debug mode.
- gh-125942: On Android, the errors setting of sys.stdout was
changed from surrogateescape to backslashreplace.
- gh-125859: Fix a crash in the free threading build when
gc.get_objects() or gc.get_referrers() is called during an
in-progress garbage collection.
- gh-125703: Correctly honour tracemalloc hooks in
specialized Py_DECREF paths. Patch by Pablo Galindo
- gh-125593: Use color to highlight error locations in
traceback from exception group
- gh-125444: Fix illegal instruction for older Arm
architectures. Patch by Diego Russo, testing by Ross
Burton.
- gh-124375: Fix a crash in the free threading build when the
GC runs concurrently with a new thread starting.
- gh-125221: Fix possible race condition when calling
__reduce_ex__() for the first time in the free threading
build.
- gh-125038: Fix crash when iterating over a generator
expression after direct changes on gi_frame.f_locals. Patch
by Mikhail Efimov.
- gh-123378: Fix a crash in the __str__() method of
UnicodeError objects when the UnicodeError.start and
UnicodeError.end values are invalid or out-of-range. Patch
by Bénédikt Tran.
- gh-116510: Fix a crash caused by immortal interned strings
being shared between sub-interpreters that use basic
single-phase init. In that case, the string can be used
by an interpreter that outlives the interpreter that
created and interned it. For interpreters that share
obmalloc state, also share the interned dict with the main
interpreter.
- gh-122878: Use the pager binary, if available (e.g. on
Debian and derivatives), to display REPL help().
- gh-124188: Fix reading and decoding a line from the source
file witn non-UTF-8 encoding for syntax errors raised in
the compiler.
- gh-123930: Improve the error message when a script
shadowing a module from the standard library causes
ImportError to be raised during a “from” import. Similarly,
improve the error message when a script shadowing a third
party module attempts to “from” import an attribute from
that third party module while still initialising.
- gh-122907: Building with HAVE_DYNAMIC_LOADING
now works as well as it did in 3.12. Existing
deficiences will be addressed separately. (See
https://github.com/python/cpython/issues/122950.)
- gh-118950: Fix bug where SSLProtocol.connection_lost wasn’t
getting called when OSError was thrown on writing to
socket.
- gh-113570: Fixed a bug in reprlib.repr where it incorrectly
called the repr method on shadowed Python built-in types.
- gh-109746: If _thread.start_new_thread() fails to start a
new thread, it deletes its state from interpreter and thus
avoids its repeated cleanup on finalization.
- C API
- gh-126554: Fix error handling in ctypes.CDLL objects which
could result in a crash in rare situations.
- gh-125608: Fix a bug where dictionary watchers
(e.g., PyDict_Watch()) on an object’s attribute dictionary
(__dict__) were not triggered when the object’s attributes
were modified.
- bpo-34008: Added Py_IsInitialized to the list of APIs that
are safe to call before the interpreter is initialized, and
updated the embedding tests to cover it.
- Build
- gh-123877: Set wasm32-wasip1 as the WASI target. The old
wasm32-wasi target is deprecated so it can be used for an
eventual WASI 1.0.
- gh-89640: Hard-code float word ordering as little endian on
WASM.
- gh-125940: The Android build now supports 16 KB page sizes.
- gh-89640: Improve detection of float word ordering on Linux
when link-time optimizations are enabled.
- gh-125269: Fix detection of whether -latomic is needed when
cross-compiling CPython using the configure script.
- gh-121634: Allow for specifying the target compile triple
for WASI.
- gh-122578: Use WASI SDK 24 for testing.
- gh-115382: Fix cross compile failures when the host and
target SOABIs match.
- Skip PGO with %want_reproducible_builds (bsc#1239210).
- Configure externally_managed with a bcond https://en.opensuse.org/openSUSE:Python:Externally_managed (bsc#1228165).
Patchnames: SUSE-2025-2074,SUSE-SLE-Module-Python3-15-SP7-2025-2074
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
8.2 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.1 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.4 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
42 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python313",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python313 fixes the following issues:\n\nUpdate to version 3.13.5.\n\nSecurity issues fixed:\n\n- CVE-2025-4517: arbitrary filesystem writes outside the extraction directory during extraction with filter=\u0027data\u0027 (bsc#1244032)\n- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).\n- CVE-2025-4330: extraction filter bypass for linking outside extraction directory (bsc#1244060)\n- CVE-2025-4138: may allow symlink targets to point outside the destination directory, and the modification of some file metadata.\n (bsc#1244059)\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse (bsc#1236705).\n- CVE-2024-12718: bypass extraction filter to modify file metadata outside extraction directory (bsc#1244056)\n- CVE-2024-12254: memory exhaustion due to unbounded memory buffering in `SelectorSocketTransport.writelines()`\n (bsc#1234290).\n\n\nOther changes and issues fixed:\n \n \nChanges from 3.13.5:\n\n - Tests\n\n - gh-135120: Add test.support.subTests().\n\n - Library\n\n - gh-133967: Do not normalize locale name \u2018C.UTF-8\u2019 to\n \u2018en_US.UTF-8\u2019.\n - gh-135326: Restore support of integer-like objects with\n __index__() in random.getrandbits().\n - gh-135321: Raise a correct exception for values greater\n than 0x7fffffff for the BINSTRING opcode in the C\n implementation of pickle.\n - gh-135276: Backported bugfixes in zipfile.Path from\n zipp 3.23. Fixed .name, .stem and other basename-based\n properties on Windows when working with a zipfile on disk.\n - gh-134151: email: Fix TypeError in\n email.utils.decode_params() when sorting RFC 2231\n continuations that contain an unnumbered section.\n - gh-134152: email: Fix parsing of email message ID with\n invalid domain.\n - gh-127081: Fix libc thread safety issues with os by\n replacing getlogin with getlogin_r re-entrant version.\n - gh-131884: Fix formatting issues in json.dump() when both\n indent and skipkeys are used.\n - Core and Builtins\n - gh-135171: Roll back changes to generator and list\n comprehensions that went into 3.13.4 to fix gh-127682,\n but which involved semantic and bytecode changes not\n appropriate for a bugfix release.\n - C API\n - gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and\n Py_RETURN_FALSE macros in the limited C API 3.11 and\n older: don\u2019t treat Py_None, Py_True and Py_False as\n immortal. Patch by Victor Stinner.\n - gh-134989: Implement PyObject_DelAttr() and\n PyObject_DelAttrString() as macros in the limited C API\n 3.12 and older. Patch by Victor Stinner.\n\nChanges from 3.13.4:\n\n - Security\n\n - gh-135034: Fixes multiple issues that allowed tarfile\n extraction filters (filter=\u0027data\u0027 and filter=\u0027tar\u0027) to be\n bypassed using crafted symlinks and hard links.\n Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138\n (bsc#1244059), CVE-2025-4330 (bsc#1244060), and\n CVE-2025-4517 (bsc#1244032).\n - gh-133767: Fix use-after-free in the \u201cunicode-escape\u201d\n decoder with a non-\u201cstrict\u201d error handler (CVE-2025-4516,\n bsc#1243273).\n - gh-128840: Short-circuit the processing of long IPv6\n addresses early in ipaddress to prevent excessive memory\n consumption and a minor denial-of-service.\n - Library\n - gh-134718: ast.dump() now only omits None and [] values if\n they are default values.\n - gh-128840: Fix parsing long IPv6 addresses with embedded\n IPv4 address.\n - gh-134696: Built-in HACL* and OpenSSL implementations of\n hash function constructors now correctly accept the same\n documented named arguments. For instance, md5() could be\n previously invoked as md5(data=data) or md5(string=string)\n depending on the underlying implementation but these calls\n were not compatible. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-134210: curses.window.getch() now correctly handles\n signals. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-80334: multiprocessing.freeze_support() now checks for\n work on any \u201cspawn\u201d start method platform rather than only\n on Windows.\n - gh-114177: Fix asyncio to not close subprocess pipes which\n would otherwise error out when the event loop is already\n closed.\n - gh-134152: Fixed UnboundLocalError that could occur during\n email header parsing if an expected trailing delimiter is\n missing in some contexts.\n - gh-62184: Remove import of C implementation of io.FileIO\n from Python implementation which has its own implementation\n - gh-133982: Emit RuntimeWarning in the Python implementation\n of io when the file-like object is not closed explicitly in\n the presence of multiple I/O layers.\n - gh-133890: The tarfile module now handles\n UnicodeEncodeError in the same way as OSError when cannot\n extract a member.\n - gh-134097: Fix interaction of the new REPL and -X\n showrefcount command line option.\n - gh-133889: The generated directory listing page in\n http.server.SimpleHTTPRequestHandler now only shows the\n decoded path component of the requested URL, and not the\n query and fragment.\n - gh-134098: Fix handling paths that end with\n a percent-encoded slash (%2f or %2F) in\n http.server.SimpleHTTPRequestHandler.\n - gh-134062: ipaddress: fix collisions in __hash__() for\n IPv4Network and IPv6Network objects.\n - gh-133745: In 3.13.3 we accidentally changed the signature\n of the asyncio create_task() family of methods and how it\n calls a custom task factory in a backwards incompatible\n way. Since some 3rd party libraries have already made\n changes to work around the issue that might break if\n we simply reverted the changes, we\u2019re instead changing\n things to be backwards compatible with 3.13.2 while still\n supporting those workarounds for 3.13.3. In particular, the\n special-casing of name and context is back (until 3.14) and\n consequently eager tasks may still find that their name\n hasn\u2019t been set before they execute their first yielding\n await.\n - gh-71253: Raise ValueError in open() if opener returns a\n negative file-descriptor in the Python implementation of io\n to match the C implementation.\n - gh-77057: Fix handling of invalid markup declarations in\n html.parser.HTMLParser.\n - gh-133489: random.getrandbits() can now generate more that\n 231 bits. random.randbytes() can now generate more that 256\n MiB.\n - gh-133290: Fix attribute caching issue when setting\n ctypes._Pointer._type_ in the undocumented and deprecated\n ctypes.SetPointerType() function and the undocumented\n set_type() method.\n - gh-132876: ldexp() on Windows doesn\u2019t round subnormal\n results before Windows 11, but should. Python\u2019s\n math.ldexp() wrapper now does round them, so results may\n change slightly, in rare cases of very small results, on\n Windows versions before 11.\n - gh-133089: Use original timeout value for\n subprocess.TimeoutExpired when the func subprocess.run()\n is called with a timeout instead of sometimes a confusing\n partial remaining time out value used internally on the\n final wait().\n - gh-133009: xml.etree.ElementTree: Fix a crash in\n Element.__deepcopy__ when the element is concurrently\n mutated. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-132995: Bump the version of pip bundled in ensurepip to\n version 25.1.1\n - gh-132017: Fix error when pyrepl is suspended, then resumed\n and terminated.\n - gh-132673: Fix a crash when using _align_ = 0 and _fields_\n = [] in a ctypes.Structure.\n - gh-132527: Include the valid typecode \u2018w\u2019 in the error\n message when an invalid typecode is passed to array.array.\n - gh-132439: Fix PyREPL on Windows: characters entered via\n AltGr are swallowed. Patch by Chris Eibl.\n - gh-132429: Fix support of Bluetooth sockets on NetBSD and\n DragonFly BSD.\n - gh-132106: QueueListener.start now raises a RuntimeError if\n the listener is already started.\n - gh-132417: Fix a NULL pointer dereference when a C function\n called using ctypes with restype py_object returns NULL.\n - gh-132385: Fix instance error suggestions trigger potential\n exceptions in object.__getattr__() in traceback.\n - gh-132308: A traceback.TracebackException now correctly\n renders the __context__ and __cause__ attributes from\n falsey Exception, and the exceptions attribute from falsey\n ExceptionGroup.\n - gh-132250: Fixed the SystemError in cProfile when locating\n the actual C function of a method raises an exception.\n - gh-132063: Prevent exceptions that evaluate as\n falsey (namely, when their __bool__ method returns\n False or their __len__ method returns 0) from being\n ignored by concurrent.futures.ProcessPoolExecutor and\n concurrent.futures.ThreadPoolExecutor.\n - gh-119605: Respect follow_wrapped for __init__() and\n __new__() methods when getting the class signature for a\n class with inspect.signature(). Preserve class signature\n after wrapping with warnings.deprecated(). Patch by Xuehai\n Pan.\n - gh-91555: Ignore log messages generated during handling of\n log messages, to avoid deadlock or infinite recursion.\n - gh-131434: Improve error reporting for incorrect format in\n time.strptime().\n - gh-131127: Systems using LibreSSL now successfully build.\n - gh-130999: Avoid exiting the new REPL and offer suggestions\n even if there are non-string candidates when errors occur.\n - gh-130941: Fix configparser.ConfigParser parsing empty\n interpolation with allow_no_value set to True.\n - gh-129098: Fix REPL traceback reporting when using\n compile() with an inexisting file. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-130631: http.cookiejar.join_header_words() is now more\n similar to the original Perl version. It now quotes the\n same set of characters and always quote values that end\n with \u0027\\n\u0027.\n - gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant\n in the socket module on Linux systems. It was missing since\n Python 3.11.\n - gh-124096: Turn on virtual terminal mode and enable\n bracketed paste in REPL on Windows console. (If the\n terminal does not support bracketed paste, enabling it does\n nothing.)\n - gh-122559: Remove __reduce__() and __reduce_ex__() methods\n that always raise TypeError in the C implementation\n of io.FileIO, io.BufferedReader, io.BufferedWriter\n and io.BufferedRandom and replace them with default\n __getstate__() methods that raise TypeError. This restores\n fine details of behavior of Python 3.11 and older versions.\n - gh-122179: hashlib.file_digest() now raises BlockingIOError\n when no data is available during non-blocking I/O. Before,\n it added spurious null bytes to the digest.\n - gh-86155: html.parser.HTMLParser.close() no longer loses\n data when the \u003cscript\u003e tag is not closed. Patch by Waylan\n Limberg.\n - gh-69426: Fix html.parser.HTMLParser to not unescape\n character entities in attribute values if they are followed\n by an ASCII alphanumeric or an equals sign.\n - bpo-44172: Keep a reference to original curses windows in\n subwindows so that the original window does not get deleted\n before subwindows.\n - Tests\n - gh-133744: Fix multiprocessing interrupt test. Add an event\n to synchronize the parent process with the child process:\n wait until the child process starts sleeping. Patch by\n Victor Stinner.\n - gh-133639: Fix\n TestPyReplAutoindent.test_auto_indent_default() doesn\u2019t run\n input_code.\n - gh-133131: The iOS testbed will now select the most\n recently released \u201cSE-class\u201d device for testing if a device\n isn\u2019t explicitly specified.\n - gh-109981: The test helper that counts the list of open\n file descriptors now uses the optimised /dev/fd approach on\n all Apple platforms, not just macOS. This avoids crashes\n caused by guarded file descriptors.\n - IDLE\n - gh-112936: fix IDLE: no Shell menu item in single-process\n mode.\n - Documentation\n - gh-107006: Move documentation and example code for\n threading.local from its docstring to the official docs.\n - Core and Builtins\n - gh-134908: Fix crash when iterating over lines in a text\n file on the free threaded build.\n - gh-127682: No longer call __iter__ twice in list\n comprehensions. This brings the behavior of list\n comprehensions in line with other forms of iteration\n - gh-134381: Fix RuntimeError when using a not-started\n threading.Thread after calling os.fork()\n - gh-128066: Fixes an edge case where PyREPL improperly threw\n an error when Python is invoked on a read only filesystem\n while trying to write history file entries.\n - gh-134100: Fix a use-after-free bug that occurs when an\n imported module isn\u2019t in sys.modules after its initial\n import. Patch by Nico-Posada.\n - gh-133703: Fix hashtable in dict can be bigger than\n intended in some situations.\n - gh-132869: Fix crash in the free threading build when\n accessing an object attribute that may be concurrently\n inserted or deleted.\n - gh-132762: fromkeys() no longer loops forever when adding\n a small set of keys to a large base dict. Patch by Angela\n Liss.\n - gh-133543: Fix a possible memory leak that could occur when\n directly accessing instance dictionaries (__dict__) that\n later become part of a reference cycle.\n - gh-133516: Raise ValueError when constants True, False or\n None are used as an identifier after NFKC normalization.\n - gh-133441: Fix crash upon setting an attribute with a dict\n subclass. Patch by Victor Stinner.\n - gh-132942: Fix two races in the type lookup cache. This\n affected the free-threaded build and could cause crashes\n (apparently quite difficult to trigger).\n - gh-132713: Fix repr(list) race condition: hold a strong\n reference to the item while calling repr(item). Patch by\n Victor Stinner.\n - gh-132747: Fix a crash when calling __get__() of a method\n with a None second argument.\n - gh-132542: Update Thread.native_id after fork(2) to ensure\n accuracy. Patch by Noam Cohen.\n - gh-124476: Fix decoding from the locale encoding in the\n C.UTF-8 locale.\n - gh-131927: Compiler warnings originating from the same\n module and line number are now only emitted once, matching\n the behaviour of warnings emitted from user code. This can\n also be configured with warnings filters.\n - gh-127682: No longer call __iter__ twice when creating and\n executing a generator expression. Creating a generator\n expression from a non-interable will raise only when the\n generator expression is executed. This brings the behavior\n of generator expressions in line with other generators.\n - gh-131878: Handle uncaught exceptions in the main input\n loop for the new REPL.\n - gh-131878: Fix support of unicode characters with two or\n more codepoints on Windows in the new REPL.\n - gh-130804: Fix support of unicode characters on Windows in\n the new REPL.\n - gh-130070: Fixed an assertion error for exec() passed a\n string source and a non-None closure. Patch by Bartosz\n S\u0142awecki.\n - gh-129958: Fix a bug that was allowing newlines\n inconsitently in format specifiers for single-quoted\n f-strings. Patch by Pablo Galindo.\n - C API\n - gh-132909: Fix an overflow when handling the K format in\n Py_BuildValue(). Patch by B\u00e9n\u00e9dikt Tran.\n\n- Changes from version 3.13.3\n\n - Tools/Demos\n - gh-131852: msgfmt no longer adds the POT-Creation-Date to\n generated .mo files for consistency with GNU msgfmt.\n - gh-85012: Correctly reset msgctxt when compiling messages\n in msgfmt.\n - gh-130025: The iOS testbed now correctly handles symlinks\n used as Python framework references.\n - Tests\n - gh-131050: test_ssl.test_dh_params is skipped if the\n underlying TLS library does not support finite-field\n ephemeral Diffie-Hellman.\n - gh-129200: Multiple iOS testbed runners can now be started\n at the same time without introducing an ambiguity over\n simulator ownership.\n - gh-130292: The iOS testbed will now run successfully on a\n machine that has not previously run Xcode tests (such as CI\n configurations).\n - gh-130293: The tests of terminal colorization are no longer\n sensitive to the value of the TERM variable in the testing\n environment.\n - gh-126332: Add unit tests for pyrepl.\n - Security\n - gh-131809: Update bundled libexpat to 2.7.1\n - gh-131261: Upgrade to libexpat 2.7.0\n - gh-127371: Avoid unbounded buffering for\n tempfile.SpooledTemporaryFile.writelines(). Previously,\n disk spillover was only checked after the lines iterator\n had been exhausted. This is now done after each line is\n written.\n - gh-121284: Fix bug in the folding of rfc2047 encoded-words\n when flattening an email message using a modern email\n policy. Previously when an encoded-word was too long for\n a line, it would be decoded, split across lines, and\n re-encoded. But commas and other special characters in the\n original text could be left unencoded and unquoted. This\n could theoretically be used to spoof header lines using\n a carefully constructed encoded-word if the resulting\n rendered email was transmitted or re-parsed.\n - Library\n - gh-132174: Fix function name in error message of\n _interpreters.run_string.\n - gh-132171: Fix crash of _interpreters.run_string on string\n subclasses.\n - gh-129204: Introduce new _PYTHON_SUBPROCESS_USE_POSIX_SPAWN\n environment variable knob in subprocess to control the use\n of os.posix_spawn().\n - gh-132159: Do not shadow user arguments in generated\n __new__() by decorator warnings.deprecated. Patch by Xuehai\n Pan.\n - gh-132075: Fix possible use of socket address structures\n with uninitialized members. Now all structure members are\n initialized with zeroes by default.\n - gh-132002: Fix crash when deallocating\n contextvars.ContextVar with weird unahashable string names.\n - gh-131668: socket: Fix code parsing AF_BLUETOOTH socket\n addresses.\n - gh-131492: Fix a resource leak when constructing a\n gzip.GzipFile with a filename fails, for example when\n passing an invalid compresslevel.\n - gh-131325: Fix sendfile fallback implementation to drain\n data after writing to transport in asyncio.\n - gh-129843: Fix incorrect argument passing in\n warnings.warn_explicit().\n - gh-131204: Use monospace font from System Font Stack for\n cross-platform support in difflib.HtmlDiff.\n - gh-130940: The PyConfig.use_system_logger attribute,\n introduced in Python 3.13.2, has been removed. The\n introduction of this attribute inadvertently introduced an\n ABI breakage on macOS and iOS. The use of the system logger\n is now enabled by default on iOS, and disabled by default\n on macOS.\n - gh-131045: Fix issue with __contains__, values, and\n pseudo-members for enum.Flag.\n - gh-130959: Fix pure-Python implementation of\n datetime.time.fromisoformat() to reject times with spaces\n in fractional part (for example, 12:34:56.400 +02:00),\n matching the C implementation. Patch by Micha\u0142 Gorny.\n - gh-130637: Add validation for numeric response data in\n poplib.POP3.stat() method\n - gh-130461: Remove .. index:: directives from the uuid\n module documentation. These directives previously created\n entries in the general index for getnode() as well as\n the uuid1(), uuid3(), uuid4(), and uuid5() constructor\n functions.\n - gh-130379: The zipapp module now calculates the list of\n files to be added to the archive before creating the\n archive. This avoids accidentally including the target when\n it is being created in the source directory.\n - gh-130285: Fix corner case for random.sample() allowing the\n counts parameter to specify an empty population. So now,\n sample([], 0, counts=[]) and sample(\u0027abc\u0027, k=0, counts=[0,\n 0, 0]) both give the same result as sample([], 0).\n - gh-130250: Fix regression in traceback.print_last().\n - gh-130230: Fix crash in pow() with only Decimal third\n argument.\n - gh-118761: Reverts a change in the previous release\n attempting to make some stdlib imports used within the\n subprocess module lazy as this was causing errors during\n __del__ finalizers calling methods such as terminate, or\n kill, or send_signal.\n - gh-130164: Fixed failure to raise TypeError in\n inspect.Signature.bind() for positional-only arguments\n provided by keyword when a variadic keyword argument (e.g.\n --kwargs) is present.\n - gh-130151: Fix reference leaks in _hashlib.hmac_new() and\n _hashlib.hmac_digest(). Patch by B\u00e9n\u00e9dikt Tran.\n - gh-130145: Fix asyncio.AbstractEventloop.run_forever() when\n another loop is already running.\n - gh-129726: Fix gzip.GzipFile raising an unraisable\n exception during garbage collection when referring to\n a temporary object by breaking the reference loop with\n weakref.\n - gh-127750: Remove broken functools.singledispatchmethod()\n caching introduced in gh-85160.\n - gh-129583: Update bundled pip to 25.0.1\n - gh-97850: Update the deprecation warning of\n importlib.abc.Loader.load_module().\n - gh-129646: Update the locale alias mapping in the locale\n module to match the latest X Org locale alias mapping and\n support new locales in Glibc 2.41.\n - gh-129603: Fix bugs where sqlite3.Row objects could\n segfault if their inherited description was set to\n None. Patch by Erlend Aasland.\n - gh-128231: Execution of multiple statements in the new\n REPL now stops immediately upon the first exception\n encountered. Patch by Bartosz S\u0142awecki.\n - gh-117779: Fix reading duplicated entries in zipfile by\n name. Reading duplicated entries (except the last one)\n by ZipInfo now emits a warning instead of raising an\n exception.\n - gh-128772: Fix pydoc for methods with the __module__\n attribute equal to None.\n - gh-92897: Scheduled the deprecation of the check_home\n argument of sysconfig.is_python_build() to Python 3.15.\n - gh-128657: Fix possible extra reference when using objects\n returned by hashlib.sha256() under free threading.\n - gh-128703: Fix mimetypes.guess_type() to use default\n mapping for empty Content-Type in registry.\n - gh-128308: Support the name keyword argument\n for eager tasks in asyncio.loop.create_task(),\n asyncio.create_task() and asyncio.TaskGroup.create_task(),\n by passing on all kwargs to the task factory set by\n asyncio.loop.set_task_factory().\n - gh-128388: Fix PyREPL on Windows to support more\n keybindings, like the Control-\u2190 and Control-\u2192 word-skipping\n keybindings and those with meta (i.e. Alt), e.g. Alt-d to\n kill-word or Alt-Backspace backward-kill-word.\n - gh-126037: xml.etree.ElementTree: Fix a crash in\n Element.find, Element.findtext and Element.findall when\n the tag to find implements an __eq__() method mutating the\n element being queried. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-127712: Fix handling of the secure argument of\n logging.handlers.SMTPHandler.\n - gh-126033: xml.etree.ElementTree: Fix a crash in\n Element.remove when the element is concurrently\n mutated. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-118201: Fixed intermittent failures of os.confstr,\n os.pathconf and os.sysconf on iOS and Android.\n - gh-124927: Non-printing characters are now properly handled\n in the new REPL.\n - IDLE\n - gh-129873: Simplify displaying the IDLE doc by only copying\n the text section of idle.html to idlelib/help.html. Patch\n by Stan Ulbrych.\n - Documentation\n - gh-131417: Mention asyncio.Future and asyncio.Task in\n generic classes list.\n - gh-125722: Require Sphinx 8.2.0 or later to build the\n Python documentation. Patch by Adam Turner.\n - gh-129712: The wheel tags supported by each macOS universal\n SDK option are now documented.\n - gh-46236: C API: Document PyUnicode_RSplit(),\n PyUnicode_Partition() and PyUnicode_RPartition().\n - Core and Builtins\n - gh-132011: Fix crash when calling list.append() as an\n unbound method.\n - gh-131998: Fix a crash when using an unbound method\n descriptor object in a function where a bound method\n descriptor was used.\n - gh-131988: Fix a performance regression that caused scaling\n bottlenecks in the free threaded build in 3.13.1 and\n 3.13.2.\n - gh-131719: Fix missing NULL check in _PyMem_FreeDelayed in\n free-threaded build.\n - gh-131670: Fix anext() failing on sync __anext__() raising\n an exception.\n - gh-131141: Fix data race in sys.monitoring instrumentation\n while registering callback.\n - gh-130932: Fix incorrect exception handling in\n _PyModule_IsPossiblyShadowing\n - gh-130851: Fix a crash in the free threading build when\n constructing a code object with co_consts that contains\n instances of types that are not otherwise generated by the\n bytecode compiler.\n - gh-130794: Fix memory leak in the free threaded build\n when resizing a shared list or dictionary from multiple\n short-lived threads.\n - gh-130775: Do not crash on negative column and end_column\n in ast locations.\n - gh-130382: Fix PyRefTracer_DESTROY not being sent from\n Python/ceval.c Py_DECREF().\n - gh-130618: Fix a bug that was causing UnicodeDecodeError or\n SystemError to be raised when using f-strings with lambda\n expressions with non-ASCII characters. Patch by Pablo\n Galindo\n - gh-130163: Fix possible crashes related to concurrent\n change and use of the sys module attributes.\n - gh-88887: Fixing multiprocessing Resource Tracker process\n leaking, usually observed when running Python as PID 1.\n - gh-130115: Fix an issue with thread identifiers being\n sign-extended on some platforms.\n - gh-128396: Fix a crash that occurs when calling locals()\n inside an inline comprehension that uses the same local\n variable as the outer frame scope where the variable is a\n free or cell var.\n - gh-116042: Fix location for SyntaxErrors of invalid escapes\n in the tokenizer. Patch by Pablo Galindo\n - gh-129983: Fix data race in compile_template in sre.c.\n - gh-129967: Fix a race condition in the free threading build\n when repr(set) is called concurrently with set.clear().\n - gh-129900: Fix return codes inside SystemExit not getting\n returned by the REPL.\n - gh-129732: Fixed a race in _Py_qsbr_reserve in the free\n threading build.\n - gh-129643: Fix thread safety of PyList_Insert() in\n free-threading builds.\n - gh-129668: Fix race condition when raising MemoryError in\n the free threaded build.\n - gh-129643: Fix thread safety of PyList_SetItem() in\n free-threading builds. Patch by Kumar Aditya.\n - gh-128714: Fix the potential races in get/set dunder\n methods __annotations__, __annotate__ and __type_params__\n for function object, and add related tests.\n - gh-128632: Disallow __classdict__ as the name of a type\n parameter. Using this name would previously crash the\n interpreter in some circumstances.\n - gh-127953: The time to handle a LINE event in\n sys.monitoring (and sys.settrace) is now independent of the\n number of lines in the code object.\n - gh-125331: from __future__ import barry_as_FLUFL now works\n in more contexts, including when it is used in files,\n with the -c flag, and in the REPL when there are multiple\n statements on the same line. Previously, it worked only\n on subsequent lines in the REPL, and when the appropriate\n flags were passed directly to compile(). Patch by Pablo\n Galindo.\n - C API\n - gh-131740: Update PyUnstable_GC_VisitObjects to traverse\n perm gen.\n - gh-129533: Update PyGC_Enable(), PyGC_Disable(),\n PyGC_IsEnabled() to use atomic operation for thread-safety\n at free-threading build. Patch by Donghee Na.\n - Build\n - gh-131865: The DTrace build now properly passes the CC\n and CFLAGS variables to the dtrace command when utilizing\n SystemTap on Linux.\n - gh-131675: Fix mimalloc library builds for 32-bit ARM\n targets.\n - gh-130673: Fix potential KeyError when handling object\n sections during JIT building process.\n - gh-130740: Ensure that Python.h is included before\n stdbool.h unless pyconfig.h is included before or in some\n platform-specific contexts.\n - gh-129838: Don\u2019t redefine _Py_NO_SANITIZE_UNDEFINED when\n compiling with a recent GCC version and undefined sanitizer\n enabled.\n - gh-129660: Drop test_embed from PGO training, whose\n contribution in recent versions is considered to be\n ignorable.\n\n- Changes from version 3.13.2:\n \n - Tools/Demos\n - gh-128152: Fix a bug where Argument Clinic\u2019s C\n pre-processor parser tried to parse pre-processor\n directives inside C comments. Patch by Erlend Aasland.\n - Tests\n - gh-127906: Test the limited C API in test_cppext. Patch by\n Victor Stinner.\n - gh-127637: Add tests for the dis command-line\n interface. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-126925: iOS test results are now streamed during test\n execution, and the deprecated xcresulttool is no longer\n used.\n - Security\n - gh-105704: When using urllib.parse.urlsplit() and\n urllib.parse.urlparse() host parsing would not reject\n domain names containing square brackets ([ and ]). Square\n brackets are only valid for IPv6 and IPvFuture hosts\n according to RFC 3986 Section 3.2.2. (CVE-2025-0938,\n bsc#1236705)\n - gh-127655: Fixed the\n asyncio.selector_events._SelectorSocketTransport\n transport not pausing writes for the protocol when\n the buffer reaches the high water mark when using\n asyncio.WriteTransport.writelines() (CVE-2024-12254,\n bsc#1234290).\n - gh-126108: Fix a possible NULL pointer dereference in\n PySys_AddWarnOptionUnicode().\n - gh-80222: Fix bug in the folding of quoted strings\n when flattening an email message using a modern email\n policy. Previously when a quoted string was folded so\n that it spanned more than one line, the surrounding\n quotes and internal escapes would be omitted. This could\n theoretically be used to spoof header lines using a\n carefully constructed quoted string if the resulting\n rendered email was transmitted or re-parsed.\n - gh-119511: Fix a potential denial of service in the imaplib\n module. When connecting to a malicious server, it could\n cause an arbitrary amount of memory to be allocated. On\n many systems this is harmless as unused virtual memory is\n only a mapping, but if this hit a virtual address size\n limit it could lead to a MemoryError or other process\n crash. On unusual systems or builds where all allocated\n memory is touched and backed by actual ram or storage\n it could\u2019ve consumed resources doing so until similarly\n crashing.\n - Library\n - gh-129502: Unlikely errors in preparing arguments for\n ctypes callback are now handled in the same way as errors\n raised in the callback of in converting the result of\n the callback \u2013 using sys.unraisablehook() instead of\n sys.excepthook() and not setting sys.last_exc and other\n variables.\n - gh-129403: Corrected ValueError message for asyncio.Barrier\n and threading.Barrier.\n - gh-129409: Fix an integer overflow in the csv module when\n writing a data field larger than 2GB.\n - gh-118761: Improve import time of subprocess by lazy\n importing locale and signal. Patch by Taneli Hukkinen.\n - gh-129346: In sqlite3, handle out-of-memory when creating\n user-defined SQL functions.\n - gh-129061: Fix FORCE_COLOR and NO_COLOR when empty\n strings. Patch by Hugo van Kemenade.\n - gh-128550: Removed an incorrect optimization relating\n to eager tasks in asyncio.TaskGroup that resulted in\n cancellations being missed.\n - gh-128991: Release the enter frame reference within bdb\n callback\n - gh-128978: Fix a NameError in\n sysconfig.expand_makefile_vars(). Patch by B\u00e9n\u00e9dikt Tran.\n - gh-128961: Fix a crash when setting state on an exhausted\n array.array iterator.\n - gh-128894: Fix\n traceback.TracebackException._format_syntax_error not to\n fail on exceptions with custom metadata.\n - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of\n address families other than AF_INET and AF_INET6, as it is\n meaningless with these address families, and the call with\n fail with Linux kernel 6.12.9 and newer.\n - gh-128679: Fix tracemalloc.stop() race condition. Fix\n tracemalloc to support calling tracemalloc.stop() in\n one thread, while another thread is tracing memory\n allocations. Patch by Victor Stinner.\n - gh-128636: Fix PyREPL failure when os.environ is\n overwritten with an invalid value.\n - gh-128562: Fix possible conflicts in generated tkinter\n widget names if the widget class name ends with a digit.\n - gh-128498: Default to stdout isatty for color detection\n instead of stderr. Patch by Hugo van Kemenade.\n - gh-128552: Fix cyclic garbage introduced\n by asyncio.loop.create_task() and\n asyncio.TaskGroup.create_task() holding a reference to the\n created task if it is eager.\n - gh-128479: Fix asyncio.staggered.staggered_race() leaking\n tasks and issuing an unhandled exception.\n - gh-128400: Fix crash when using\n faulthandler.dump_traceback() while other threads are\n active on the free threaded build.\n - gh-88834: Unify the instance check for typing.Union and\n types.UnionType: Union now uses the instance checks against\n its parameters instead of the subclass checks.\n - gh-128302: Fix\n xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which\n was broken by the Python 3.0 transition.\n - gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse()\n to correctly handle xml.dom.xmlbuilder.DOMInputSource\n instances that only have a systemId attribute set.\n - gh-112064: Fix incorrect handling of negative read sizes in\n HTTPResponse.read. Patch by Yury Manushkin.\n - gh-58956: Fixed a frame reference leak in bdb.\n - gh-128131: Completely support random access of uncompressed\n unencrypted read-only zip files obtained by ZipFile.open.\n - gh-112328: enum.EnumDict can now be used without resorting\n to private API.\n - gh-127975: Avoid reusing quote types in ast.unparse() if\n not needed.\n - gh-128062: Revert the font of turtledemo\u2019s menu bar to its\n default value and display the shortcut keys in the correct\n position.\n - gh-128014: Fix resetting the default window icon by passing\n default=\u0027\u0027 to the tkinter method wm_iconbitmap().\n - gh-115514: Fix exceptions and incomplete writes after\n asyncio._SelectorTransport is closed before writes are\n completed.\n - gh-41872: Fix quick extraction of module docstrings from\n a file in pydoc. It now supports docstrings with single\n quotes, escape sequences, raw string literals, and other\n Python syntax.\n - gh-127060: Set TERM environment variable to \u201cdumb\u201d to\n disable traceback colors in IDLE, since IDLE doesn\u2019t\n understand ANSI escape sequences. Patch by Victor Stinner.\n - gh-126742: Fix support of localized error messages reported\n by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu\n functions respectively. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-127873: When -E is set, only ignore PYTHON_COLORS\n and not FORCE_COLOR/NO_COLOR/TERM when colourising\n output. Patch by Hugo van Kemenade.\n - gh-127870: Detect recursive calls in ctypes _as_parameter_\n handling. Patch by Victor Stinner.\n - gh-127847: Fix the position when doing interleaved seeks\n and reads in uncompressed, unencrypted zip files returned\n by zipfile.ZipFile.open().\n - gh-127732: The platform module now correctly detects\n Windows Server 2025.\n - gh-126821: macOS and iOS apps can now choose to redirect\n stdout and stderr to the system log during interpreter\n configuration.\n - gh-93312: Include \u003csys/pidfd.h\u003e to get os.PIDFD_NONBLOCK\n constant. Patch by Victor Stinner.\n - gh-83662: Add missing __class_getitem__ method to the\n Python implementation of functools.partial(), to make it\n compatible with the C version. This is mainly relevant for\n alternative Python implementations like PyPy and GraalPy,\n because CPython will usually use the C-implementation of\n that function.\n - gh-127586: multiprocessing.pool.Pool now properly restores\n blocked signal handlers of the parent thread when creating\n processes via either spawn or forkserver.\n - gh-98188: Fix an issue in\n email.message.Message.get_payload() where data cannot be\n decoded if the Content Transfer Encoding mechanism contains\n trailing whitespaces or additional junk text. Patch by Hui\n Liu.\n - gh-127257: In ssl, system call failures that OpenSSL\n reports using ERR_LIB_SYS are now raised as OSError.\n - gh-127096: Do not recreate unnamed section on every read in\n configparser.ConfigParser. Patch by Andrey Efremov.\n - gh-127196: Fix crash when dict with keys in invalid\n encoding were passed to several functions in _interpreters\n module.\n - gh-126775: Make linecache.checkcache() thread safe and GC\n re-entrancy safe.\n - gh-126332: Fix _pyrepl crash when entering a double CTRL-Z\n on an overflowing line.\n - gh-126225: getopt and optparse are no longer marked as\n deprecated. There are legitimate reasons to use one of\n these modules in preference to argparse, and none of these\n modules are at risk of being removed from the standard\n library. Of the three, argparse remains the recommended\n default choice, unless one of the concerns noted at the top\n of the optparse module documentation applies.\n - gh-125553: Fix round-trip invariance for backslash\n continuations in tokenize.untokenize().\n - gh-123987: Fixed issue in NamespaceReader where a non-path\n item in a namespace path, such as a sentinel added by an\n editable installer, would break resource loading.\n - gh-123401: The http.cookies module now supports parsing\n obsolete RFC 850 date formats, in accordance with RFC 9110\n requirements. Patch by Nano Zheng.\n - gh-122431: readline.append_history_file() now raises a\n ValueError when given a negative value.\n - gh-119257: Show tab completions menu below the current\n line, which results in less janky behaviour, and fixes a\n cursor movement bug. Patch by Daniel Hollas\n - Documentation\n - gh-125722: Require Sphinx 8.1.3 or later to build the\n Python documentation. Patch by Adam Turner.\n - gh-67206: Document that string.printable is not\n printable in the POSIX sense. In particular,\n string.printable.isprintable() returns False. Patch by\n B\u00e9n\u00e9dikt Tran.\n - Core and Builtins\n - gh-129345: Fix null pointer dereference in syslog.openlog()\n when an audit hook raises an exception.\n - gh-129093: Fix f-strings such as f\u0027{expr=}\u0027 sometimes not\n displaying the full expression when the expression contains\n !=.\n - gh-124363: Treat debug expressions in f-string as raw\n strings. Patch by Pablo Galindo\n - gh-128799: Add frame of except* to traceback when it wraps\n a naked exception.\n - gh-128078: Fix a SystemError when using anext() with a\n default tuple value. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-128717: Fix a crash when setting the recursion limit\n while other threads are active on the free threaded build.\n - gh-128330: Restore terminal control characters on REPL\n exit.\n - gh-128079: Fix a bug where except* does not properly check\n the return value of an ExceptionGroup\u2019s split() function,\n leading to a crash in some cases. Now when split() returns\n an invalid object, except* raises a TypeError with the\n original raised ExceptionGroup object chained to it.\n - gh-128030: Avoid error from calling\n PyModule_GetFilenameObject on a non-module object when\n importing a non-existent symbol from a non-module object.\n - gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG\n builds in _copy_characters when there is nothing to copy.\n - gh-127599: Fix statistics for increments of object\n reference counts (in particular, when a reference count was\n increased by more than 1 in a single operation).\n - gh-127651: When raising ImportError for missing symbols\n in from imports, use __file__ in the error message if\n __spec__.origin is not a location\n - gh-127582: Fix non-thread-safe object resurrection when\n calling finalizers and watcher callbacks in the free\n threading build.\n - gh-127434: The iOS compiler shims can now accept arguments\n with spaces.\n - gh-127536: Add missing locks around some list assignment\n operations in the free threading build.\n - gh-126862: Fix a possible overflow when a class inherits\n from an absurd number of super-classes. Reported by Valery\n Fedorenko. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-127349: Fixed the error when resizing terminal in Python\n REPL. Patch by Semyon Moroz.\n - gh-126076: Relocated objects such as tuple, bytes and\n str objects are properly tracked by tracemalloc and its\n associated hooks. Patch by Pablo Galindo.\n - C API\n - gh-127791: Fix loss of callbacks after more than one call\n to PyUnstable_AtExit().\n - Build\n - gh-129539: Don\u2019t redefine EX_OK when the system has the\n sysexits.h header.\n - gh-128472: Skip BOLT optimization of functions using\n computed gotos, fixing errors on build with LLVM 19.\n - gh-123925: Fix building the curses module on platforms with\n libncurses but without libncursesw.\n - gh-128321: Set LIBS instead of LDFLAGS when checking if\n sqlite3 library functions are available. This fixes the\n ordering of linked libraries during checks, which was\n incorrect when using a statically linked libsqlite3.\n - gh-127865: Fix build failure on systems without\n thread-locals support.\n\n- Changes from version 3.13.1:\n - Tools/Demos\n - gh-126807: Fix extraction warnings in pygettext.py caused\n by mistaking function definitions for function calls.\n - gh-126167: The iOS testbed was modified so that it can be\n used by third-party projects for testing purposes.\n - Tests\n - gh-126909: Fix test_os extended attribute tests to work on\n filesystems with 1 KiB xattr size limit.\n - gh-125041: Re-enable skipped tests for zlib on the\n s390x architecture: only skip checks of the compressed\n bytes, which can be different between zlib\u2019s software\n implementation and the hardware-accelerated implementation.\n - gh-124295: Add translation tests to the argparse module.\n - Security\n - gh-126623: Upgrade libexpat to 2.6.4\n - gh-125140: Remove the current directory from sys.path when\n using PyREPL.\n - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to\n consistently use the mapped IPv4 address value for deciding\n properties. Properties which have their behavior fixed are\n is_multicast, is_reserved, is_link_local, is_global, and\n is_unspecified.\n - Library\n - gh-127321: pdb.set_trace() will not stop at an opcode that\n does not have an associated line number anymore.\n - gh-127303: Publicly expose EXACT_TOKEN_TYPES in\n token.__all__.\n - gh-123967: Fix faulthandler for trampoline frames. If the\n top-most frame is a trampoline frame, skip it. Patch by\n Victor Stinner.\n - gh-127182: Fix io.StringIO.__setstate__() crash, when None\n was passed as the first value.\n - gh-127217: Fix urllib.request.pathname2url() for paths\n starting with multiple slashes on Posix.\n - gh-127035: Fix shutil.which on Windows. Now it looks at\n direct match if and only if the command ends with a PATHEXT\n extension or X_OK is not in mode. Support extensionless\n files if \u201c.\u201d is in PATHEXT. Support PATHEXT extensions that\n end with a dot.\n - gh-122273: Support PyREPL history on Windows. Patch by\n devdanzin and Victor Stinner.\n - gh-127078: Fix issue where urllib.request.url2pathname()\n failed to discard an extra slash before a UNC drive in the\n URL path on Windows.\n - gh-126766: Fix issue where urllib.request.url2pathname()\n failed to discard any \u2018localhost\u2019 authority present in the\n URL.\n - gh-127065: Fix crash when calling a operator.methodcaller()\n instance from multiple threads in the free threading build.\n - gh-126997: Fix support of STRING and GLOBAL opcodes with\n non-ASCII arguments in pickletools. pickletools.dis()\n now outputs non-ASCII bytes in STRING, BINSTRING and\n SHORT_BINSTRING arguments as escaped (\\xXX).\n - gh-126316: grp: Make grp.getgrall() thread-safe by adding a\n mutex. Patch by Victor Stinner.\n - gh-126618: Fix the representation of itertools.count\n objects when the count value is sys.maxsize.\n - gh-85168: Fix issue where urllib.request.url2pathname() and\n pathname2url() always used UTF-8 when quoting and unquoting\n file URIs. They now use the filesystem encoding and error\n handler.\n - gh-67877: Fix memory leaks when regular expression matching\n terminates abruptly, either because of a signal or because\n memory allocation fails.\n - gh-126789: Fixed the values of sysconfig.get_config_vars(),\n sysconfig.get_paths(), and their siblings when the site\n initialization happens after sysconfig has built a cache\n for sysconfig.get_config_vars().\n - gh-126188: Update bundled pip to 24.3.1\n - gh-126780: Fix os.path.normpath() for drive-relative paths\n on Windows.\n - gh-126766: Fix issue where urllib.request.url2pathname()\n failed to discard two leading slashes introducing an empty\n authority section.\n - gh-126727: locale.nl_langinfo(locale.ERA) now returns\n multiple era description segments separated by\n semicolons. Previously it only returned the first segment\n on platforms with Glibc.\n - gh-126699: Allow collections.abc.AsyncIterator to be a base\n for Protocols.\n - gh-126654: Fix crash when non-dict was passed to several\n functions in _interpreters module.\n - gh-104745: Limit starting a patcher (from\n unittest.mock.patch() or unittest.mock.patch.object()) more\n than once without stopping it\n - gh-126595: Fix a crash when instantiating itertools.count\n with an initial count of sys.maxsize on debug builds. Patch\n by B\u00e9n\u00e9dikt Tran.\n - gh-120423: Fix issue where urllib.request.pathname2url()\n mishandled Windows paths with embedded forward slashes.\n - gh-126565: Improve performances of zipfile.Path.open() for\n non-reading modes.\n - gh-126505: Fix bugs in compiling case-insensitive regular\n expressions with character classes containing non-BMP\n characters: upper-case non-BMP character did was ignored\n and the ASCII flag was ignored when matching a character\n range whose upper bound is beyond the BMP region.\n - gh-117378: Fixed the multiprocessing \u0027forkserver\u0027\n start method forkserver process to correctly inherit\n the parent\u2019s sys.path during the importing of\n multiprocessing.set_forkserver_preload() modules in the\n same manner as sys.path is configured in workers before\n executing work items.\n - This bug caused some forkserver module preloading to\n silently fail to preload. This manifested as a performance\n degration in child processes when the sys.path was required\n due to additional repeated work in every worker.\n - It could also have a side effect of \u0027\u0027 remaining in\n sys.path during forkserver preload imports instead of the\n absolute path from os.getcwd() at multiprocessing import\n time used in the worker sys.path.\n - The sys.path differences between phases in the child\n process could potentially have caused preload to import\n incorrect things from the wrong location. We are unaware of\n that actually having happened in practice.\n - gh-125679: The multiprocessing.Lock and\n multiprocessing.RLock repr values no longer say \u201cunknown\u201d\n on macOS.\n - gh-126476: Raise calendar.IllegalMonthError (now a subclass\n of IndexError) for calendar.month() when the input month is\n not correct.\n - gh-126489: The Python implementation of pickle no longer\n calls pickle.Pickler.persistent_id() for the result of\n persistent_id().\n - gh-126313: Fix an issue in curses.napms() when\n curses.initscr() has not yet been called. Patch by B\u00e9n\u00e9dikt\n Tran.\n - gh-126303: Fix pickling and copying of os.sched_param\n objects.\n - gh-126138: Fix a use-after-free crash on asyncio.Task\n objects whose underlying coroutine yields an object that\n implements an evil __getattribute__(). Patch by Nico\n Posada.\n - gh-126220: Fix crash in cProfile.Profile and\n _lsprof.Profiler when their callbacks were directly called\n with 0 arguments.\n - gh-126212: Fix issue where urllib.request.pathname2url()\n and url2pathname() removed slashes from Windows DOS drive\n paths and URLs.\n - gh-126223: Raise a UnicodeEncodeError instead of a\n SystemError upon calling _interpreters.create() with an\n invalid Unicode character.\n - gh-126205: Fix issue where urllib.request.pathname2url()\n generated URLs beginning with four slashes (rather than\n two) when given a Windows UNC path.\n - gh-126105: Fix a crash in ast when the ast.AST._fields\n attribute is deleted.\n - gh-126106: Fixes a possible NULL pointer dereference in\n ssl.\n - gh-126080: Fix a use-after-free crash on asyncio.Task\n objects for which the underlying event loop implements an\n evil __getattribute__(). Reported by Nico-Posada. Patch by\n B\u00e9n\u00e9dikt Tran.\n - gh-126083: Fixed a reference leak in asyncio.Task objects\n when reinitializing the same object with a non-None\n context. Patch by Nico Posada.\n - gh-125984: Fix use-after-free crashes on asyncio.Future\n objects for which the underlying event loop implements an\n evil __getattribute__(). Reported by Nico-Posada. Patch by\n B\u00e9n\u00e9dikt Tran.\n - gh-125969: Fix an out-of-bounds crash when an evil\n asyncio.loop.call_soon() mutates the length of the internal\n callbacks list. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-125966: Fix a use-after-free crash in\n asyncio.Future.remove_done_callback(). Patch by B\u00e9n\u00e9dikt\n Tran.\n - gh-125789: Fix possible crash when mutating list of\n callbacks returned by asyncio.Future._callbacks. It\n now always returns a new copy in C implementation\n _asyncio. Patch by Kumar Aditya.\n - gh-124452: Fix an issue in\n email.policy.EmailPolicy.header_source_parse() and\n email.policy.Compat32.header_source_parse() that introduced\n spurious leading whitespaces into header values when the\n header includes a newline character after the header name\n delimiter (:) and before the value.\n - gh-125884: Fixed the bug for pdb where it can\u2019t set\n breakpoints on functions with certain annotations.\n - gh-125355: Fix several bugs in\n argparse.ArgumentParser.parse_intermixed_args().\n - The parser no longer changes temporarily during\n parsing.\n - Default values are not processed twice.\n - Required mutually exclusive groups containing\n positional arguments are now supported.\n - The missing arguments report now includes the names of\n all required optional and positional arguments.\n - Unknown options can be intermixed with positional\n arguments in parse_known_intermixed_args().\n - gh-125666: Avoid the exiting the interpreter if a null byte\n is given as input in the new REPL.\n - gh-125710: [Enum] fix hashable\u003c-\u003enonhashable comparisons\n for member values\n - gh-125631: Restore ability to set persistent_id and\n persistent_load attributes of instances of the Pickler and\n Unpickler classes in the pickle module.\n - gh-125378: Fixed the bug in pdb where after a multi-line\n command, an empty line repeats the first line of the\n multi-line command, instead of the full command.\n - gh-125682: Reject non-ASCII digits in the Python\n implementation of json.loads() conforming to the JSON\n specification.\n - gh-125660: Reject invalid unicode escapes for Python\n implementation of json.loads().\n - gh-125259: Fix the notes removal logic for errors thrown in\n enum initialization.\n - gh-125590: Allow FrameLocalsProxy to delete and pop if the\n key is not a fast variable.\n - gh-125519: Improve traceback if importlib.reload() is\n called with an object that is not a module. Patch by Alex\n Waygood.\n - gh-125451: Fix deadlock when\n concurrent.futures.ProcessPoolExecutor shuts down\n concurrently with an error when feeding a job to a worker\n process.\n - gh-125422: Fixed the bug where pdb and bdb can step into\n the bottom caller frame.\n - gh-100141: Fixed the bug where pdb will be stuck in an\n infinite loop when debugging an empty file.\n - gh-125115: Fixed a bug in pdb where arguments starting with\n - can\u2019t be passed to the debugged script.\n - gh-53203: Fix time.strptime() for %c, %x and %X formats\n in many locales that use non-ASCII digits, like Persian,\n Burmese, Odia and Shan.\n - gh-125398: Fix the conversion of the VIRTUAL_ENV path in\n the activate script in venv when running in Git Bash for\n Windows.\n - gh-125316: Fix using functools.partial() as enum.Enum\n member. A FutureWarning with suggestion to use\n enum.member() is now emitted when the partial instance is\n used as an enum member.\n - gh-125245: Fix race condition when importing\n collections.abc, which could incorrectly return an empty\n module.\n - gh-125243: Fix data race when creating zoneinfo.ZoneInfo\n objects in the free threading build.\n - gh-125254: Fix a bug where ArgumentError includes the\n incorrect ambiguous option in argparse.\n - gh-125235: Keep tkinter TCL paths in venv pointing to base\n installation on Windows.\n - gh-61011: Fix inheritance of nested mutually\n exclusive groups from parent parser in\n argparse.ArgumentParser. Previously, all nested mutually\n exclusive groups lost their connection to the group\n containing them and were displayed as belonging directly to\n the parser.\n - gh-52551: Fix encoding issues in time.strftime(), the\n strftime() method of the datetime classes datetime, date\n and time and formatting of these classes. Characters\n not encodable in the current locale are now acceptable\n in the format string. Surrogate pairs and sequence\n of surrogatescape-encoded bytes are no longer\n recombinated. Embedded null character no longer terminates\n the format string.\n - gh-125118: Don\u2019t copy arbitrary values to _Bool in the\n struct module.\n - gh-125069: Fix an issue where providing a pathlib.PurePath\n object as an initializer argument to a second PurePath\n object with a different parser resulted in arguments to\n the former object\u2019s initializer being joined by the latter\n object\u2019s parser.\n - gh-125096: If the PYTHON_BASIC_REPL environment variable\n is set, the site module no longer imports the _pyrepl\n module. Moreover, the site module now respects -E and -I\n command line options: ignore PYTHON_BASIC_REPL in this\n case. Patch by Victor Stinner.\n - gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on\n platforms with glibc. Now it returns a string consisting of\n up to 100 semicolon-separated symbols (an empty string in\n most locales) on all Posix platforms. Previously it only\n returned the first symbol or an empty string.\n - gh-124960: Fix support for the barry_as_FLUFL future flag\n in the new REPL.\n - gh-124984: Fixed thread safety in ssl in the free-threaded\n build. OpenSSL operations are now protected by a per-object\n lock.\n - gh-124958: Fix refcycles in exceptions raised from\n asyncio.TaskGroup and the python implementation of\n asyncio.Future\n - gh-53203: Fix time.strptime() for %c and %x formats in many\n locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash,\n Estonian, French, Irish, Ge\u2019ez, Gurajati, Manx Gaelic,\n Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese,\n Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk,\n Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese,\n Yau/Nungon and Chinese.\n - gh-124917: Allow calling os.path.exists() and\n os.path.lexists() with keyword arguments on Windows. Fixes\n a regression in 3.13.0.\n - gh-124653: Fix detection of the minimal Queue API needed by\n the logging module. Patch by B\u00e9n\u00e9dikt Tran.\n - gh-124858: Fix reference cycles left in tracebacks\n in asyncio.open_connection() when used with\n happy_eyeballs_delay\n - gh-124390: Fixed AssertionError when using\n asyncio.staggered.staggered_race() with\n asyncio.eager_task_factory.\n - gh-124651: Properly quote template strings in venv\n activation scripts (bsc#1232241, CVE-2024-9287).\n - gh-116850: Fix argparse for namespaces with not directly\n writable dict (e.g. classes).\n - gh-58573: Fix conflicts between abbreviated long options in\n the parent parser and subparsers in argparse.\n - gh-124594: All asyncio REPL prompts run in the same\n context. Contributed by Bartosz S\u0142awecki.\n - gh-61181: Fix support of choices with string value in\n argparse. Substrings of the specified string no longer\n considered valid values.\n - gh-80259: Fix argparse support of positional arguments with\n nargs=\u0027?\u0027, default=argparse.SUPPRESS and specified type.\n - gh-120378: Fix a crash related to an integer overflow in\n curses.resizeterm() and curses.resize_term().\n - gh-123884: Fixed bug in itertools.tee() handling of other\n tee inputs (a tee in a tee). The output now has the\n promised n independent new iterators. Formerly, the first\n iterator was identical (not independent) to the input\n iterator. This would sometimes give surprising results.\n - gh-58956: Fixed a bug in pdb where sometimes the breakpoint\n won\u2019t trigger if it was set on a function which is already\n in the call stack.\n - gh-124345: argparse vim supports abbreviated single-dash\n long options separated by = from its value.\n - gh-104860: Fix disallowing abbreviation of single-dash long\n options in argparse with allow_abbrev=False.\n - gh-63143: Fix parsing mutually exclusive arguments in\n argparse. Arguments with the value identical to the default\n value (e.g. booleans, small integers, empty or 1-character\n strings) are no longer considered \u201cnot present\u201d.\n - gh-72795: Positional arguments with nargs equal to \u0027*\u0027 or\n argparse.REMAINDER are no longer required. This allows to\n use positional argument with nargs=\u0027*\u0027 and without default\n in mutually exclusive group and improves error message\n about required arguments.\n - gh-59317: Fix parsing positional argument with nargs equal\n to \u0027?\u0027 or \u0027*\u0027 if it is preceded by an option and another\n positional argument.\n - gh-53780: argparse now ignores the first \u0027--\u0027 (double dash)\n between an option and command.\n - gh-124217: Add RFC 9637 reserved IPv6 block 3fff::/20 in\n ipaddress module.\n - gh-81691: Fix handling of multiple \u0027--\u0027 (double dashes)\n in argparse. Only the first one has now been removed, all\n subsequent ones are now taken literally.\n - gh-123978: Remove broken time.thread_time() and\n time.thread_time_ns() on NetBSD.\n - gh-124008: Fix possible crash (in debug build), incorrect\n output or returning incorrect value from raw binary write()\n when writing to console on Windows.\n - gh-123935: Fix parent slots detection for dataclasses that\n inherit from classes with __dictoffset__.\n - gh-122765: Fix unbalanced quote errors occurring when\n activate.csh in venv was sourced with a custom prompt\n containing unpaired quotes or newlines.\n - gh-123370: Fix the canvas not clearing after running\n turtledemo clock.\n - gh-116810: Resolve a memory leak introduced in CPython\n 3.10\u2019s ssl when the ssl.SSLSocket.session property was\n accessed. Speeds up read and write access to said property\n by no longer unnecessarily cloning session objects via\n serialization.\n - gh-120754: Update unbounded read calls in zipfile to\n specify an explicit size putting a limit on how much data\n they may read. This also updates handling around ZIP max\n comment size to match the standard instead of reading\n comments that are one byte too long.\n - gh-70764: Fixed an issue where inspect.getclosurevars()\n would incorrectly classify an attribute name as a global\n variable when the name exists both as an attribute name and\n a global variable.\n - gh-118289: posixpath.realpath() now raises\n NotADirectoryError when strict mode is enabled and a\n non-directory path with a trailing slash is supplied.\n - gh-119826: Always return an absolute path for\n os.path.abspath() on Windows.\n - gh-117766: Always use str() to print choices in argparse.\n - gh-101955: Fix SystemError when match regular expression\n pattern containing some combination of possessive\n quantifier, alternative and capture group.\n - gh-88110: Fixed multiprocessing.Process reporting a\n .exitcode of 1 even on success when using the \u0027fork\u0027 start\n method while using a concurrent.futures.ThreadPoolExecutor.\n - gh-71936: Fix a race condition in\n multiprocessing.pool.Pool.\n - bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack\n frames from reported stacktraces.\n - bpo-14074: Fix argparse metavar processing to allow\n positional arguments to have a tuple metavar.\n - IDLE\n - gh-122392: Increase currently inadequate vertical spacing\n for the IDLE browsers (path, module, and stack) on\n high-resolution monitors.\n - Documentation\n - gh-126622: Added stub pages for removed modules explaining\n their removal, where to find replacements, and linking to\n the last Python version that supported them. Contributed by\n Ned Batchelder.\n - gh-125277: Require Sphinx 7.2.6 or later to build the\n Python documentation. Patch by Adam Turner.\n - gh-124872: Added definitions for context, current\n context, and context management protocol, updated\n related definitions to be consistent, and expanded the\n documentation for contextvars.Context.\n - gh-125018: The importlib.metadata documentation now\n includes semantic cross-reference targets for the\n significant documented APIs. This means intersphinx\n references like importlib.metadata.version() will now work\n as expected.\n - gh-70870: Clarified the dual usage of the term \u201cfree\n variable\u201d (both the formal meaning of any reference\n to names defined outside the local scope, and the\n narrower pragmatic meaning of nonlocal variables named in\n co_freevars).\n - gh-121277: Writers of CPython\u2019s documentation can now use\n next as the version for the versionchanged, versionadded,\n deprecated directives.\n - gh-60712: Include the object type in the lists of\n documented types. Change by Furkan Onder and Martin Panter.\n - bpo-34008: The Py_Main() documentation moved from the\n \u201cVery High Level API\u201d section to the \u201cInitialization and\n Finalization\u201d section.\n - Also make it explicit that we expect Py_Main to\n typically be called instead of Py_Initialize rather\n than after it (since Py_Main makes its own call to\n Py_Initialize). Document that calling both is supported\n but is version dependent on which settings will be applied\n correctly.\n - Core and Builtins\n - gh-113841: Fix possible undefined behavior division by zero\n in complex\u2019s _Py_c_pow().\n - gh-127020: Fix a crash in the free threading build\n when PyCode_GetCode(), PyCode_GetVarnames(),\n PyCode_GetCellvars(), or PyCode_GetFreevars() were called\n from multiple threads at the same time.\n - gh-126980: Fix __buffer__() of bytearray crashing when READ\n or WRITE are passed as flags.\n - gh-126881: Fix crash in finalization of dtoa state. Patch\n by Kumar Aditya.\n - gh-126341: Now ValueError is raised instead of SystemError\n when trying to iterate over a released memoryview object.\n - gh-126688: Fix a crash when calling os.fork() on some\n operating systems, including SerenityOS.\n - gh-126066: Fix importlib to not write an incomplete\n .pyc files when a ulimit or some other operating system\n mechanism is preventing the write to go through fully.\n - gh-126312: Fix crash during garbage collection on an object\n frozen by gc.freeze() on the free-threaded build.\n - gh-126139: Provide better error location when attempting to\n use a future statement with an unknown future feature.\n - gh-126018: Fix a crash in sys.audit() when passing a\n non-string as first argument and Python was compiled in\n debug mode.\n - gh-125942: On Android, the errors setting of sys.stdout was\n changed from surrogateescape to backslashreplace.\n - gh-125859: Fix a crash in the free threading build when\n gc.get_objects() or gc.get_referrers() is called during an\n in-progress garbage collection.\n - gh-125703: Correctly honour tracemalloc hooks in\n specialized Py_DECREF paths. Patch by Pablo Galindo\n - gh-125593: Use color to highlight error locations in\n traceback from exception group\n - gh-125444: Fix illegal instruction for older Arm\n architectures. Patch by Diego Russo, testing by Ross\n Burton.\n - gh-124375: Fix a crash in the free threading build when the\n GC runs concurrently with a new thread starting.\n - gh-125221: Fix possible race condition when calling\n __reduce_ex__() for the first time in the free threading\n build.\n - gh-125038: Fix crash when iterating over a generator\n expression after direct changes on gi_frame.f_locals. Patch\n by Mikhail Efimov.\n - gh-123378: Fix a crash in the __str__() method of\n UnicodeError objects when the UnicodeError.start and\n UnicodeError.end values are invalid or out-of-range. Patch\n by B\u00e9n\u00e9dikt Tran.\n - gh-116510: Fix a crash caused by immortal interned strings\n being shared between sub-interpreters that use basic\n single-phase init. In that case, the string can be used\n by an interpreter that outlives the interpreter that\n created and interned it. For interpreters that share\n obmalloc state, also share the interned dict with the main\n interpreter.\n - gh-122878: Use the pager binary, if available (e.g. on\n Debian and derivatives), to display REPL help().\n - gh-124188: Fix reading and decoding a line from the source\n file witn non-UTF-8 encoding for syntax errors raised in\n the compiler.\n - gh-123930: Improve the error message when a script\n shadowing a module from the standard library causes\n ImportError to be raised during a \u201cfrom\u201d import. Similarly,\n improve the error message when a script shadowing a third\n party module attempts to \u201cfrom\u201d import an attribute from\n that third party module while still initialising.\n - gh-122907: Building with HAVE_DYNAMIC_LOADING\n now works as well as it did in 3.12. Existing\n deficiences will be addressed separately. (See\n https://github.com/python/cpython/issues/122950.)\n - gh-118950: Fix bug where SSLProtocol.connection_lost wasn\u2019t\n getting called when OSError was thrown on writing to\n socket.\n - gh-113570: Fixed a bug in reprlib.repr where it incorrectly\n called the repr method on shadowed Python built-in types.\n - gh-109746: If _thread.start_new_thread() fails to start a\n new thread, it deletes its state from interpreter and thus\n avoids its repeated cleanup on finalization.\n - C API\n - gh-126554: Fix error handling in ctypes.CDLL objects which\n could result in a crash in rare situations.\n - gh-125608: Fix a bug where dictionary watchers\n (e.g., PyDict_Watch()) on an object\u2019s attribute dictionary\n (__dict__) were not triggered when the object\u2019s attributes\n were modified.\n - bpo-34008: Added Py_IsInitialized to the list of APIs that\n are safe to call before the interpreter is initialized, and\n updated the embedding tests to cover it.\n - Build\n - gh-123877: Set wasm32-wasip1 as the WASI target. The old\n wasm32-wasi target is deprecated so it can be used for an\n eventual WASI 1.0.\n - gh-89640: Hard-code float word ordering as little endian on\n WASM.\n - gh-125940: The Android build now supports 16 KB page sizes.\n - gh-89640: Improve detection of float word ordering on Linux\n when link-time optimizations are enabled.\n - gh-125269: Fix detection of whether -latomic is needed when\n cross-compiling CPython using the configure script.\n - gh-121634: Allow for specifying the target compile triple\n for WASI.\n - gh-122578: Use WASI SDK 24 for testing.\n - gh-115382: Fix cross compile failures when the host and\n target SOABIs match.\n\n- Skip PGO with %want_reproducible_builds (bsc#1239210).\n- Configure externally_managed with a bcond https://en.opensuse.org/openSUSE:Python:Externally_managed (bsc#1228165).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2074,SUSE-SLE-Module-Python3-15-SP7-2025-2074",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02074-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02074-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502074-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02074-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040440.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228165",
"url": "https://bugzilla.suse.com/1228165"
},
{
"category": "self",
"summary": "SUSE Bug 1232241",
"url": "https://bugzilla.suse.com/1232241"
},
{
"category": "self",
"summary": "SUSE Bug 1234290",
"url": "https://bugzilla.suse.com/1234290"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE Bug 1238450",
"url": "https://bugzilla.suse.com/1238450"
},
{
"category": "self",
"summary": "SUSE Bug 1239210",
"url": "https://bugzilla.suse.com/1239210"
},
{
"category": "self",
"summary": "SUSE Bug 1243273",
"url": "https://bugzilla.suse.com/1243273"
},
{
"category": "self",
"summary": "SUSE Bug 1244032",
"url": "https://bugzilla.suse.com/1244032"
},
{
"category": "self",
"summary": "SUSE Bug 1244056",
"url": "https://bugzilla.suse.com/1244056"
},
{
"category": "self",
"summary": "SUSE Bug 1244059",
"url": "https://bugzilla.suse.com/1244059"
},
{
"category": "self",
"summary": "SUSE Bug 1244060",
"url": "https://bugzilla.suse.com/1244060"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12254 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9287 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4138 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4330 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4516 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4517 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4517/"
}
],
"title": "Security update for python313",
"tracking": {
"current_release_date": "2025-06-24T07:26:36Z",
"generator": {
"date": "2025-06-24T07:26:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02074-1",
"initial_release_date": "2025-06-24T07:26:36Z",
"revision_history": [
{
"date": "2025-06-24T07:26:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-base-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-base-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-base-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-curses-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-curses-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-dbm-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-dbm-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-devel-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-devel-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-devel-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-doc-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-doc-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-doc-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-idle-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-idle-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-testsuite-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-testsuite-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-testsuite-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-tk-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-tk-3.13.5-150700.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-tools-3.13.5-150700.4.11.1.aarch64",
"product": {
"name": "python313-tools-3.13.5-150700.4.11.1.aarch64",
"product_id": "python313-tools-3.13.5-150700.4.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_13-1_0-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
"product": {
"name": "libpython3_13-1_0-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
"product_id": "libpython3_13-1_0-64bit-3.13.5-150700.4.11.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python313-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
"product": {
"name": "python313-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
"product_id": "python313-64bit-3.13.5-150700.4.11.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python313-base-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
"product": {
"name": "python313-base-64bit-3.13.5-150700.4.11.1.aarch64_ilp32",
"product_id": "python313-base-64bit-3.13.5-150700.4.11.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.i586",
"product": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.i586",
"product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.i586",
"product": {
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.i586",
"product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-3.13.5-150700.4.11.1.i586",
"product_id": "python313-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-base-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-base-3.13.5-150700.4.11.1.i586",
"product_id": "python313-base-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-curses-3.13.5-150700.4.11.1.i586",
"product_id": "python313-curses-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-dbm-3.13.5-150700.4.11.1.i586",
"product_id": "python313-dbm-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-devel-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-devel-3.13.5-150700.4.11.1.i586",
"product_id": "python313-devel-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-doc-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-doc-3.13.5-150700.4.11.1.i586",
"product_id": "python313-doc-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.i586",
"product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-idle-3.13.5-150700.4.11.1.i586",
"product_id": "python313-idle-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-base-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-base-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-base-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.i586",
"product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-testsuite-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-testsuite-3.13.5-150700.4.11.1.i586",
"product_id": "python313-testsuite-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-tk-3.13.5-150700.4.11.1.i586",
"product_id": "python313-tk-3.13.5-150700.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "python313-tools-3.13.5-150700.4.11.1.i586",
"product": {
"name": "python313-tools-3.13.5-150700.4.11.1.i586",
"product_id": "python313-tools-3.13.5-150700.4.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.ppc64le",
"product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-base-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-base-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-base-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-curses-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-curses-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-dbm-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-devel-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-devel-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-devel-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-doc-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-doc-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-doc-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-idle-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-idle-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-base-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-base-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-base-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-testsuite-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-testsuite-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-testsuite-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-tk-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-tk-3.13.5-150700.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-tools-3.13.5-150700.4.11.1.ppc64le",
"product": {
"name": "python313-tools-3.13.5-150700.4.11.1.ppc64le",
"product_id": "python313-tools-3.13.5-150700.4.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.s390x",
"product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-base-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-base-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-base-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-curses-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-curses-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-dbm-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-dbm-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-devel-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-devel-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-devel-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-doc-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-doc-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-doc-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-idle-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-idle-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-base-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-base-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-base-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-testsuite-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-testsuite-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-testsuite-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-tk-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-tk-3.13.5-150700.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-tools-3.13.5-150700.4.11.1.s390x",
"product": {
"name": "python313-tools-3.13.5-150700.4.11.1.s390x",
"product_id": "python313-tools-3.13.5-150700.4.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"product_id": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_13-1_0-32bit-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "libpython3_13-1_0-32bit-3.13.5-150700.4.11.1.x86_64",
"product_id": "libpython3_13-1_0-32bit-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "libpython3_13t1_0-3.13.5-150700.4.11.1.x86_64",
"product_id": "libpython3_13t1_0-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-32bit-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-32bit-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-32bit-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-base-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-base-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-base-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-base-32bit-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-base-32bit-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-base-32bit-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-curses-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-curses-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-curses-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-dbm-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-dbm-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-dbm-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-devel-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-devel-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-devel-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-doc-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-doc-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-doc-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-doc-devhelp-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-doc-devhelp-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-idle-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-idle-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-idle-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-base-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-base-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-base-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-curses-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-curses-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-dbm-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-dbm-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-devel-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-devel-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-idle-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-idle-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-testsuite-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-testsuite-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-tk-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-tk-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-nogil-tools-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-nogil-tools-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-testsuite-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-testsuite-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-testsuite-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-tk-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-tk-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-tk-3.13.5-150700.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-tools-3.13.5-150700.4.11.1.x86_64",
"product": {
"name": "python313-tools-3.13.5-150700.4.11.1.x86_64",
"product_id": "python313-tools-3.13.5-150700.4.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-base-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-base-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-base-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-base-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-base-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-base-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-base-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-base-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-curses-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-curses-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-curses-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-curses-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-curses-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-dbm-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-dbm-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-dbm-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-dbm-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-devel-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-devel-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-devel-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-devel-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-devel-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-devel-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-devel-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-devel-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-idle-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-idle-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-idle-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-idle-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-idle-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-tk-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-tk-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-tk-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tk-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-tk-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tools-3.13.5-150700.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64"
},
"product_reference": "python313-tools-3.13.5-150700.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tools-3.13.5-150700.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le"
},
"product_reference": "python313-tools-3.13.5-150700.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tools-3.13.5-150700.4.11.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x"
},
"product_reference": "python313-tools-3.13.5-150700.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-tools-3.13.5-150700.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
},
"product_reference": "python313-tools-3.13.5-150700.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12254"
}
],
"notes": [
{
"category": "general",
"text": "Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12254",
"url": "https://www.suse.com/security/cve/CVE-2024-12254"
},
{
"category": "external",
"summary": "SUSE Bug 1234290 for CVE-2024-12254",
"url": "https://bugzilla.suse.com/1234290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "important"
}
],
"title": "CVE-2024-12254"
},
{
"cve": "CVE-2024-12718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12718"
}
],
"notes": [
{
"category": "general",
"text": "Allows modifying some file metadata (e.g. last modified) with filter=\"data\" or file permissions (chmod) with filter=\"tar\" of files outside the extraction directory.\nYou are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of \"data\" or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don\u0027t include the extraction filter feature.\n\nNote that for Python 3.14 or later the default value of filter= changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12718",
"url": "https://www.suse.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "SUSE Bug 1244056 for CVE-2024-12718",
"url": "https://bugzilla.suse.com/1244056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "moderate"
}
],
"title": "CVE-2024-12718"
},
{
"cve": "CVE-2024-9287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9287"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9287",
"url": "https://www.suse.com/security/cve/CVE-2024-9287"
},
{
"category": "external",
"summary": "SUSE Bug 1232241 for CVE-2024-9287",
"url": "https://bugzilla.suse.com/1232241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "moderate"
}
],
"title": "CVE-2024-9287"
},
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
},
{
"cve": "CVE-2025-1795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1795"
}
],
"notes": [
{
"category": "general",
"text": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1795",
"url": "https://www.suse.com/security/cve/CVE-2025-1795"
},
{
"category": "external",
"summary": "SUSE Bug 1238450 for CVE-2025-1795",
"url": "https://bugzilla.suse.com/1238450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "low"
}
],
"title": "CVE-2025-1795"
},
{
"cve": "CVE-2025-4138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4138"
}
],
"notes": [
{
"category": "general",
"text": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of \"data\" or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.\n\nNote that for Python 3.14 or later the default value of filter= changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4138",
"url": "https://www.suse.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "SUSE Bug 1244059 for CVE-2025-4138",
"url": "https://bugzilla.suse.com/1244059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "important"
}
],
"title": "CVE-2025-4138"
},
{
"cve": "CVE-2025-4330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4330"
}
],
"notes": [
{
"category": "general",
"text": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of \"data\" or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.\n\nNote that for Python 3.14 or later the default value of filter= changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4330",
"url": "https://www.suse.com/security/cve/CVE-2025-4330"
},
{
"category": "external",
"summary": "SUSE Bug 1244060 for CVE-2025-4330",
"url": "https://bugzilla.suse.com/1244060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "important"
}
],
"title": "CVE-2025-4330"
},
{
"cve": "CVE-2025-4516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4516"
}
],
"notes": [
{
"category": "general",
"text": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4516",
"url": "https://www.suse.com/security/cve/CVE-2025-4516"
},
{
"category": "external",
"summary": "SUSE Bug 1243273 for CVE-2025-4516",
"url": "https://bugzilla.suse.com/1243273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-4516"
},
{
"cve": "CVE-2025-4517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4517"
}
],
"notes": [
{
"category": "general",
"text": "Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=\"data\".\n\n\nYou are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of \"data\" or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.\n\nNote that for Python 3.14 or later the default value of filter= changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4517",
"url": "https://www.suse.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "SUSE Bug 1244032 for CVE-2025-4517",
"url": "https://bugzilla.suse.com/1244032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:libpython3_13-1_0-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-base-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-curses-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-dbm-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-devel-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-idle-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tk-3.13.5-150700.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python313-tools-3.13.5-150700.4.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-24T07:26:36Z",
"details": "important"
}
],
"title": "CVE-2025-4517"
}
]
}
SUSE-SU-2025:0386-1
Vulnerability from csaf_suse - Published: 2025-02-07 17:13 - Updated: 2025-02-07 17:13Summary
Security update for python39
Severity
Moderate
Notes
Title of the patch: Security update for python39
Description of the patch: This update for python39 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Patchnames: SUSE-2025-386,openSUSE-SLE-15.6-2025-386
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-32bit-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-32bit-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python39",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python39 fixes the following issues:\n\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-386,openSUSE-SLE-15.6-2025-386",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0386-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0386-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250386-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0386-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020291.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
}
],
"title": "Security update for python39",
"tracking": {
"current_release_date": "2025-02-07T17:13:32Z",
"generator": {
"date": "2025-02-07T17:13:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0386-1",
"initial_release_date": "2025-02-07T17:13:32Z",
"revision_history": [
{
"date": "2025-02-07T17:13:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64",
"product_id": "libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-base-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-base-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-curses-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-curses-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-dbm-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-dbm-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-devel-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-devel-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-doc-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-doc-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-idle-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-idle-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-testsuite-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-tk-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-tk-3.9.21-150300.4.64.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.21-150300.4.64.1.aarch64",
"product": {
"name": "python39-tools-3.9.21-150300.4.64.1.aarch64",
"product_id": "python39-tools-3.9.21-150300.4.64.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-64bit-3.9.21-150300.4.64.1.aarch64_ilp32",
"product": {
"name": "libpython3_9-1_0-64bit-3.9.21-150300.4.64.1.aarch64_ilp32",
"product_id": "libpython3_9-1_0-64bit-3.9.21-150300.4.64.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python39-64bit-3.9.21-150300.4.64.1.aarch64_ilp32",
"product": {
"name": "python39-64bit-3.9.21-150300.4.64.1.aarch64_ilp32",
"product_id": "python39-64bit-3.9.21-150300.4.64.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python39-base-64bit-3.9.21-150300.4.64.1.aarch64_ilp32",
"product": {
"name": "python39-base-64bit-3.9.21-150300.4.64.1.aarch64_ilp32",
"product_id": "python39-base-64bit-3.9.21-150300.4.64.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.i586",
"product": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.i586",
"product_id": "libpython3_9-1_0-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-3.9.21-150300.4.64.1.i586",
"product_id": "python39-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-base-3.9.21-150300.4.64.1.i586",
"product_id": "python39-base-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-curses-3.9.21-150300.4.64.1.i586",
"product_id": "python39-curses-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-dbm-3.9.21-150300.4.64.1.i586",
"product_id": "python39-dbm-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-devel-3.9.21-150300.4.64.1.i586",
"product_id": "python39-devel-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-doc-3.9.21-150300.4.64.1.i586",
"product_id": "python39-doc-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.i586",
"product_id": "python39-doc-devhelp-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-idle-3.9.21-150300.4.64.1.i586",
"product_id": "python39-idle-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.i586",
"product_id": "python39-testsuite-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-tk-3.9.21-150300.4.64.1.i586",
"product_id": "python39-tk-3.9.21-150300.4.64.1.i586"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.21-150300.4.64.1.i586",
"product": {
"name": "python39-tools-3.9.21-150300.4.64.1.i586",
"product_id": "python39-tools-3.9.21-150300.4.64.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le",
"product_id": "libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-base-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-base-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-curses-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-curses-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-dbm-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-dbm-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-devel-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-devel-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-doc-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-doc-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-idle-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-idle-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-testsuite-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-tk-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-tk-3.9.21-150300.4.64.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.21-150300.4.64.1.ppc64le",
"product": {
"name": "python39-tools-3.9.21-150300.4.64.1.ppc64le",
"product_id": "python39-tools-3.9.21-150300.4.64.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.s390x",
"product_id": "libpython3_9-1_0-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-base-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-base-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-curses-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-curses-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-dbm-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-dbm-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-devel-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-devel-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-doc-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-doc-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-doc-devhelp-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-idle-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-idle-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-testsuite-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-tk-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-tk-3.9.21-150300.4.64.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.21-150300.4.64.1.s390x",
"product": {
"name": "python39-tools-3.9.21-150300.4.64.1.s390x",
"product_id": "python39-tools-3.9.21-150300.4.64.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64",
"product_id": "libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64",
"product_id": "libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-32bit-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-32bit-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-32bit-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-base-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-base-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-base-32bit-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-base-32bit-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-base-32bit-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-curses-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-curses-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-dbm-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-dbm-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-devel-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-devel-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-doc-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-doc-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-idle-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-idle-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-testsuite-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-tk-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-tk-3.9.21-150300.4.64.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.21-150300.4.64.1.x86_64",
"product": {
"name": "python39-tools-3.9.21-150300.4.64.1.x86_64",
"product_id": "python39-tools-3.9.21-150300.4.64.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "libpython3_9-1_0-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-32bit-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-32bit-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-32bit-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-base-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-base-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-base-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-base-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-32bit-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-32bit-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-base-32bit-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-curses-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-curses-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-curses-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-curses-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-dbm-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-dbm-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-dbm-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-dbm-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-devel-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-devel-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-devel-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-devel-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-doc-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-doc-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-doc-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-doc-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-doc-devhelp-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-idle-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-idle-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-idle-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-idle-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-testsuite-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-testsuite-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-testsuite-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-testsuite-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-tk-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-tk-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-tk-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-tk-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.21-150300.4.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.aarch64"
},
"product_reference": "python39-tools-3.9.21-150300.4.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.21-150300.4.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.ppc64le"
},
"product_reference": "python39-tools-3.9.21-150300.4.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.21-150300.4.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.s390x"
},
"product_reference": "python39-tools-3.9.21-150300.4.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.21-150300.4.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.x86_64"
},
"product_reference": "python39-tools-3.9.21-150300.4.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-base-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-base-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-base-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-base-32bit-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-curses-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-dbm-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-devel-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-doc-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-idle-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-testsuite-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-tk-3.9.21-150300.4.64.1.x86_64",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.aarch64",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.ppc64le",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.s390x",
"openSUSE Leap 15.6:python39-tools-3.9.21-150300.4.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-07T17:13:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
}
]
}
SUSE-SU-2025:0406-1
Vulnerability from csaf_suse - Published: 2025-02-10 13:55 - Updated: 2025-02-10 13:55Summary
Security update for python310
Severity
Moderate
Notes
Title of the patch: Security update for python310
Description of the patch: This update for python310 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Patchnames: SUSE-2025-406,openSUSE-SLE-15.6-2025-406
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-32bit-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-base-32bit-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python310",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python310 fixes the following issues:\n\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-406,openSUSE-SLE-15.6-2025-406",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0406-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0406-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250406-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0406-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TQJAIMSQWTMDLGVA5OBWBXBGN3VUZIWZ/"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
}
],
"title": "Security update for python310",
"tracking": {
"current_release_date": "2025-02-10T13:55:48Z",
"generator": {
"date": "2025-02-10T13:55:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0406-1",
"initial_release_date": "2025-02-10T13:55:48Z",
"revision_history": [
{
"date": "2025-02-10T13:55:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64",
"product_id": "libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-base-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-base-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-base-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-curses-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-curses-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-dbm-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-dbm-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-devel-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-devel-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-devel-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-doc-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-doc-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-doc-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-idle-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-idle-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-testsuite-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-testsuite-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-tk-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-tk-3.10.16-150400.4.69.1.aarch64"
}
},
{
"category": "product_version",
"name": "python310-tools-3.10.16-150400.4.69.1.aarch64",
"product": {
"name": "python310-tools-3.10.16-150400.4.69.1.aarch64",
"product_id": "python310-tools-3.10.16-150400.4.69.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_10-1_0-64bit-3.10.16-150400.4.69.1.aarch64_ilp32",
"product": {
"name": "libpython3_10-1_0-64bit-3.10.16-150400.4.69.1.aarch64_ilp32",
"product_id": "libpython3_10-1_0-64bit-3.10.16-150400.4.69.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python310-64bit-3.10.16-150400.4.69.1.aarch64_ilp32",
"product": {
"name": "python310-64bit-3.10.16-150400.4.69.1.aarch64_ilp32",
"product_id": "python310-64bit-3.10.16-150400.4.69.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python310-base-64bit-3.10.16-150400.4.69.1.aarch64_ilp32",
"product": {
"name": "python310-base-64bit-3.10.16-150400.4.69.1.aarch64_ilp32",
"product_id": "python310-base-64bit-3.10.16-150400.4.69.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.i586",
"product": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.i586",
"product_id": "libpython3_10-1_0-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-3.10.16-150400.4.69.1.i586",
"product_id": "python310-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-base-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-base-3.10.16-150400.4.69.1.i586",
"product_id": "python310-base-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-curses-3.10.16-150400.4.69.1.i586",
"product_id": "python310-curses-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-dbm-3.10.16-150400.4.69.1.i586",
"product_id": "python310-dbm-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-devel-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-devel-3.10.16-150400.4.69.1.i586",
"product_id": "python310-devel-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-doc-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-doc-3.10.16-150400.4.69.1.i586",
"product_id": "python310-doc-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.i586",
"product_id": "python310-doc-devhelp-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-idle-3.10.16-150400.4.69.1.i586",
"product_id": "python310-idle-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-testsuite-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.i586",
"product_id": "python310-testsuite-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-tk-3.10.16-150400.4.69.1.i586",
"product_id": "python310-tk-3.10.16-150400.4.69.1.i586"
}
},
{
"category": "product_version",
"name": "python310-tools-3.10.16-150400.4.69.1.i586",
"product": {
"name": "python310-tools-3.10.16-150400.4.69.1.i586",
"product_id": "python310-tools-3.10.16-150400.4.69.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le",
"product_id": "libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-base-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-base-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-base-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-curses-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-curses-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-dbm-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-dbm-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-devel-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-devel-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-devel-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-doc-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-doc-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-doc-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-idle-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-idle-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-testsuite-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-testsuite-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-tk-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-tk-3.10.16-150400.4.69.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python310-tools-3.10.16-150400.4.69.1.ppc64le",
"product": {
"name": "python310-tools-3.10.16-150400.4.69.1.ppc64le",
"product_id": "python310-tools-3.10.16-150400.4.69.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.s390x",
"product_id": "libpython3_10-1_0-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-base-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-base-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-base-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-curses-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-curses-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-dbm-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-dbm-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-devel-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-devel-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-devel-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-doc-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-doc-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-doc-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-doc-devhelp-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-idle-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-idle-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-testsuite-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-testsuite-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-tk-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-tk-3.10.16-150400.4.69.1.s390x"
}
},
{
"category": "product_version",
"name": "python310-tools-3.10.16-150400.4.69.1.s390x",
"product": {
"name": "python310-tools-3.10.16-150400.4.69.1.s390x",
"product_id": "python310-tools-3.10.16-150400.4.69.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64",
"product_id": "libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64",
"product_id": "libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-32bit-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-32bit-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-32bit-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-base-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-base-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-base-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-base-32bit-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-base-32bit-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-base-32bit-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-curses-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-curses-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-curses-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-dbm-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-dbm-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-dbm-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-devel-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-devel-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-devel-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-doc-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-doc-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-doc-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-idle-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-idle-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-idle-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-testsuite-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-testsuite-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-tk-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-tk-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-tk-3.10.16-150400.4.69.1.x86_64"
}
},
{
"category": "product_version",
"name": "python310-tools-3.10.16-150400.4.69.1.x86_64",
"product": {
"name": "python310-tools-3.10.16-150400.4.69.1.x86_64",
"product_id": "python310-tools-3.10.16-150400.4.69.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "libpython3_10-1_0-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-32bit-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-32bit-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-32bit-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-base-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-base-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-base-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-base-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-base-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-base-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-base-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-base-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-base-32bit-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-base-32bit-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-base-32bit-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-curses-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-curses-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-curses-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-curses-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-curses-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-dbm-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-dbm-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-dbm-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-dbm-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-dbm-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-devel-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-devel-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-devel-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-devel-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-devel-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-devel-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-devel-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-devel-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-doc-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-doc-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-doc-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-doc-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-doc-devhelp-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-idle-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-idle-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-idle-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-idle-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-idle-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-testsuite-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-testsuite-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-testsuite-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-testsuite-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-testsuite-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-tk-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-tk-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-tk-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tk-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-tk-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tools-3.10.16-150400.4.69.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.aarch64"
},
"product_reference": "python310-tools-3.10.16-150400.4.69.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tools-3.10.16-150400.4.69.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.ppc64le"
},
"product_reference": "python310-tools-3.10.16-150400.4.69.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tools-3.10.16-150400.4.69.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.s390x"
},
"product_reference": "python310-tools-3.10.16-150400.4.69.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-tools-3.10.16-150400.4.69.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.x86_64"
},
"product_reference": "python310-tools-3.10.16-150400.4.69.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-base-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-base-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:libpython3_10-1_0-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:libpython3_10-1_0-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-base-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-base-32bit-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-curses-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-dbm-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-devel-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-doc-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-doc-devhelp-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-idle-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-testsuite-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-tk-3.10.16-150400.4.69.1.x86_64",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.aarch64",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.ppc64le",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.s390x",
"openSUSE Leap 15.6:python310-tools-3.10.16-150400.4.69.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T13:55:48Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
}
]
}
SUSE-SU-2025:0419-1
Vulnerability from csaf_suse - Published: 2025-02-11 10:25 - Updated: 2025-02-11 10:25Summary
Security update for python311
Severity
Moderate
Notes
Title of the patch: Security update for python311
Description of the patch: This update for python311 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Patchnames: SUSE-2025-419,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-419
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python311",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python311 fixes the following issues:\n\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-419,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-419",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0419-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0419-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250419-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0419-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-February/038350.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228165",
"url": "https://bugzilla.suse.com/1228165"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
}
],
"title": "Security update for python311",
"tracking": {
"current_release_date": "2025-02-11T10:25:44Z",
"generator": {
"date": "2025-02-11T10:25:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0419-1",
"initial_release_date": "2025-02-11T10:25:44Z",
"revision_history": [
{
"date": "2025-02-11T10:25:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64",
"product_id": "libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-base-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-base-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-curses-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-curses-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-dbm-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-dbm-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-devel-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-devel-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-devel-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-doc-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-doc-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-doc-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-doc-devhelp-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-idle-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-idle-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-testsuite-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-testsuite-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-testsuite-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-tk-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-tk-3.11.11-150400.9.44.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-tools-3.11.11-150400.9.44.1.aarch64",
"product": {
"name": "python311-tools-3.11.11-150400.9.44.1.aarch64",
"product_id": "python311-tools-3.11.11-150400.9.44.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-64bit-3.11.11-150400.9.44.1.aarch64_ilp32",
"product": {
"name": "libpython3_11-1_0-64bit-3.11.11-150400.9.44.1.aarch64_ilp32",
"product_id": "libpython3_11-1_0-64bit-3.11.11-150400.9.44.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python311-64bit-3.11.11-150400.9.44.1.aarch64_ilp32",
"product": {
"name": "python311-64bit-3.11.11-150400.9.44.1.aarch64_ilp32",
"product_id": "python311-64bit-3.11.11-150400.9.44.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python311-base-64bit-3.11.11-150400.9.44.1.aarch64_ilp32",
"product": {
"name": "python311-base-64bit-3.11.11-150400.9.44.1.aarch64_ilp32",
"product_id": "python311-base-64bit-3.11.11-150400.9.44.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.i586",
"product": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.i586",
"product_id": "libpython3_11-1_0-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-3.11.11-150400.9.44.1.i586",
"product_id": "python311-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-base-3.11.11-150400.9.44.1.i586",
"product_id": "python311-base-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-curses-3.11.11-150400.9.44.1.i586",
"product_id": "python311-curses-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-dbm-3.11.11-150400.9.44.1.i586",
"product_id": "python311-dbm-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-devel-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-devel-3.11.11-150400.9.44.1.i586",
"product_id": "python311-devel-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-doc-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-doc-3.11.11-150400.9.44.1.i586",
"product_id": "python311-doc-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.i586",
"product_id": "python311-doc-devhelp-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-idle-3.11.11-150400.9.44.1.i586",
"product_id": "python311-idle-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-testsuite-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-testsuite-3.11.11-150400.9.44.1.i586",
"product_id": "python311-testsuite-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-tk-3.11.11-150400.9.44.1.i586",
"product_id": "python311-tk-3.11.11-150400.9.44.1.i586"
}
},
{
"category": "product_version",
"name": "python311-tools-3.11.11-150400.9.44.1.i586",
"product": {
"name": "python311-tools-3.11.11-150400.9.44.1.i586",
"product_id": "python311-tools-3.11.11-150400.9.44.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le",
"product_id": "libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-base-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-base-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-curses-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-curses-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-dbm-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-dbm-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-devel-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-devel-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-devel-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-doc-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-doc-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-doc-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-doc-devhelp-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-idle-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-idle-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-testsuite-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-testsuite-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-testsuite-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-tk-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-tk-3.11.11-150400.9.44.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-tools-3.11.11-150400.9.44.1.ppc64le",
"product": {
"name": "python311-tools-3.11.11-150400.9.44.1.ppc64le",
"product_id": "python311-tools-3.11.11-150400.9.44.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.s390x",
"product_id": "libpython3_11-1_0-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-base-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-base-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-curses-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-curses-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-dbm-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-dbm-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-devel-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-devel-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-devel-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-doc-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-doc-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-doc-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-doc-devhelp-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-idle-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-idle-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-testsuite-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-testsuite-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-testsuite-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-tk-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-tk-3.11.11-150400.9.44.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-tools-3.11.11-150400.9.44.1.s390x",
"product": {
"name": "python311-tools-3.11.11-150400.9.44.1.s390x",
"product_id": "python311-tools-3.11.11-150400.9.44.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64",
"product_id": "libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_11-1_0-32bit-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "libpython3_11-1_0-32bit-3.11.11-150400.9.44.1.x86_64",
"product_id": "libpython3_11-1_0-32bit-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-32bit-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-32bit-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-32bit-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-base-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-base-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-base-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-base-32bit-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-base-32bit-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-base-32bit-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-curses-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-curses-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-curses-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-dbm-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-dbm-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-dbm-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-devel-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-devel-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-devel-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-doc-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-doc-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-doc-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-doc-devhelp-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-doc-devhelp-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-idle-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-idle-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-idle-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-testsuite-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-testsuite-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-testsuite-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-tk-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-tk-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-tk-3.11.11-150400.9.44.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-tools-3.11.11-150400.9.44.1.x86_64",
"product": {
"name": "python311-tools-3.11.11-150400.9.44.1.x86_64",
"product_id": "python311-tools-3.11.11-150400.9.44.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64"
},
"product_reference": "libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le"
},
"product_reference": "libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.s390x"
},
"product_reference": "libpython3_11-1_0-3.11.11-150400.9.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64"
},
"product_reference": "libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-150400.9.44.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.aarch64"
},
"product_reference": "python311-3.11.11-150400.9.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-150400.9.44.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.ppc64le"
},
"product_reference": "python311-3.11.11-150400.9.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-150400.9.44.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.s390x"
},
"product_reference": "python311-3.11.11-150400.9.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-3.11.11-150400.9.44.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.x86_64"
},
"product_reference": "python311-3.11.11-150400.9.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-150400.9.44.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.aarch64"
},
"product_reference": "python311-base-3.11.11-150400.9.44.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-150400.9.44.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.ppc64le"
},
"product_reference": "python311-base-3.11.11-150400.9.44.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-150400.9.44.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.s390x"
},
"product_reference": "python311-base-3.11.11-150400.9.44.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-base-3.11.11-150400.9.44.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.x86_64"
},
"product_reference": "python311-base-3.11.11-150400.9.44.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:libpython3_11-1_0-3.11.11-150400.9.44.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-3.11.11-150400.9.44.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-base-3.11.11-150400.9.44.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-11T10:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
}
]
}
SUSE-SU-2025:0434-1
Vulnerability from csaf_suse - Published: 2025-02-11 16:47 - Updated: 2025-02-11 16:47Summary
Security update for python36
Severity
Moderate
Notes
Title of the patch: Security update for python36
Description of the patch: This update for python36 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Patchnames: SUSE-2025-434,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-434
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-3.6.15-76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-32bit-3.6.15-76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-3.6.15-76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-base-3.6.15-76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-devel-3.6.15-76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python36",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python36 fixes the following issues:\n\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-434,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-434",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0434-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0434-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250434-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0434-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020318.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
}
],
"title": "Security update for python36",
"tracking": {
"current_release_date": "2025-02-11T16:47:09Z",
"generator": {
"date": "2025-02-11T16:47:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0434-1",
"initial_release_date": "2025-02-11T16:47:09Z",
"revision_history": [
{
"date": "2025-02-11T16:47:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-76.1.aarch64",
"product": {
"name": "libpython3_6m1_0-3.6.15-76.1.aarch64",
"product_id": "libpython3_6m1_0-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-3.6.15-76.1.aarch64",
"product": {
"name": "python36-3.6.15-76.1.aarch64",
"product_id": "python36-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.15-76.1.aarch64",
"product": {
"name": "python36-base-3.6.15-76.1.aarch64",
"product_id": "python36-base-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-76.1.aarch64",
"product": {
"name": "python36-curses-3.6.15-76.1.aarch64",
"product_id": "python36-curses-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-76.1.aarch64",
"product": {
"name": "python36-dbm-3.6.15-76.1.aarch64",
"product_id": "python36-dbm-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.15-76.1.aarch64",
"product": {
"name": "python36-devel-3.6.15-76.1.aarch64",
"product_id": "python36-devel-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-76.1.aarch64",
"product": {
"name": "python36-idle-3.6.15-76.1.aarch64",
"product_id": "python36-idle-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.15-76.1.aarch64",
"product": {
"name": "python36-testsuite-3.6.15-76.1.aarch64",
"product_id": "python36-testsuite-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-76.1.aarch64",
"product": {
"name": "python36-tk-3.6.15-76.1.aarch64",
"product_id": "python36-tk-3.6.15-76.1.aarch64"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.15-76.1.aarch64",
"product": {
"name": "python36-tools-3.6.15-76.1.aarch64",
"product_id": "python36-tools-3.6.15-76.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-64bit-3.6.15-76.1.aarch64_ilp32",
"product": {
"name": "libpython3_6m1_0-64bit-3.6.15-76.1.aarch64_ilp32",
"product_id": "libpython3_6m1_0-64bit-3.6.15-76.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python36-64bit-3.6.15-76.1.aarch64_ilp32",
"product": {
"name": "python36-64bit-3.6.15-76.1.aarch64_ilp32",
"product_id": "python36-64bit-3.6.15-76.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python36-base-64bit-3.6.15-76.1.aarch64_ilp32",
"product": {
"name": "python36-base-64bit-3.6.15-76.1.aarch64_ilp32",
"product_id": "python36-base-64bit-3.6.15-76.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-76.1.i586",
"product": {
"name": "libpython3_6m1_0-3.6.15-76.1.i586",
"product_id": "libpython3_6m1_0-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-3.6.15-76.1.i586",
"product": {
"name": "python36-3.6.15-76.1.i586",
"product_id": "python36-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.15-76.1.i586",
"product": {
"name": "python36-base-3.6.15-76.1.i586",
"product_id": "python36-base-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-76.1.i586",
"product": {
"name": "python36-curses-3.6.15-76.1.i586",
"product_id": "python36-curses-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-76.1.i586",
"product": {
"name": "python36-dbm-3.6.15-76.1.i586",
"product_id": "python36-dbm-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.15-76.1.i586",
"product": {
"name": "python36-devel-3.6.15-76.1.i586",
"product_id": "python36-devel-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-76.1.i586",
"product": {
"name": "python36-idle-3.6.15-76.1.i586",
"product_id": "python36-idle-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.15-76.1.i586",
"product": {
"name": "python36-testsuite-3.6.15-76.1.i586",
"product_id": "python36-testsuite-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-76.1.i586",
"product": {
"name": "python36-tk-3.6.15-76.1.i586",
"product_id": "python36-tk-3.6.15-76.1.i586"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.15-76.1.i586",
"product": {
"name": "python36-tools-3.6.15-76.1.i586",
"product_id": "python36-tools-3.6.15-76.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-76.1.ppc64le",
"product": {
"name": "libpython3_6m1_0-3.6.15-76.1.ppc64le",
"product_id": "libpython3_6m1_0-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-3.6.15-76.1.ppc64le",
"product_id": "python36-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-base-3.6.15-76.1.ppc64le",
"product_id": "python36-base-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-curses-3.6.15-76.1.ppc64le",
"product_id": "python36-curses-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-dbm-3.6.15-76.1.ppc64le",
"product_id": "python36-dbm-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-devel-3.6.15-76.1.ppc64le",
"product_id": "python36-devel-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-idle-3.6.15-76.1.ppc64le",
"product_id": "python36-idle-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-testsuite-3.6.15-76.1.ppc64le",
"product_id": "python36-testsuite-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-tk-3.6.15-76.1.ppc64le",
"product_id": "python36-tk-3.6.15-76.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.15-76.1.ppc64le",
"product": {
"name": "python36-tools-3.6.15-76.1.ppc64le",
"product_id": "python36-tools-3.6.15-76.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-76.1.s390",
"product": {
"name": "libpython3_6m1_0-3.6.15-76.1.s390",
"product_id": "libpython3_6m1_0-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-3.6.15-76.1.s390",
"product": {
"name": "python36-3.6.15-76.1.s390",
"product_id": "python36-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.15-76.1.s390",
"product": {
"name": "python36-base-3.6.15-76.1.s390",
"product_id": "python36-base-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-76.1.s390",
"product": {
"name": "python36-curses-3.6.15-76.1.s390",
"product_id": "python36-curses-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-76.1.s390",
"product": {
"name": "python36-dbm-3.6.15-76.1.s390",
"product_id": "python36-dbm-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.15-76.1.s390",
"product": {
"name": "python36-devel-3.6.15-76.1.s390",
"product_id": "python36-devel-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-76.1.s390",
"product": {
"name": "python36-idle-3.6.15-76.1.s390",
"product_id": "python36-idle-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.15-76.1.s390",
"product": {
"name": "python36-testsuite-3.6.15-76.1.s390",
"product_id": "python36-testsuite-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-76.1.s390",
"product": {
"name": "python36-tk-3.6.15-76.1.s390",
"product_id": "python36-tk-3.6.15-76.1.s390"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.15-76.1.s390",
"product": {
"name": "python36-tools-3.6.15-76.1.s390",
"product_id": "python36-tools-3.6.15-76.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-76.1.s390x",
"product": {
"name": "libpython3_6m1_0-3.6.15-76.1.s390x",
"product_id": "libpython3_6m1_0-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.15-76.1.s390x",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.15-76.1.s390x",
"product_id": "libpython3_6m1_0-32bit-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-3.6.15-76.1.s390x",
"product": {
"name": "python36-3.6.15-76.1.s390x",
"product_id": "python36-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.15-76.1.s390x",
"product": {
"name": "python36-32bit-3.6.15-76.1.s390x",
"product_id": "python36-32bit-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.15-76.1.s390x",
"product": {
"name": "python36-base-3.6.15-76.1.s390x",
"product_id": "python36-base-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-base-32bit-3.6.15-76.1.s390x",
"product": {
"name": "python36-base-32bit-3.6.15-76.1.s390x",
"product_id": "python36-base-32bit-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-76.1.s390x",
"product": {
"name": "python36-curses-3.6.15-76.1.s390x",
"product_id": "python36-curses-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-76.1.s390x",
"product": {
"name": "python36-dbm-3.6.15-76.1.s390x",
"product_id": "python36-dbm-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.15-76.1.s390x",
"product": {
"name": "python36-devel-3.6.15-76.1.s390x",
"product_id": "python36-devel-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-76.1.s390x",
"product": {
"name": "python36-idle-3.6.15-76.1.s390x",
"product_id": "python36-idle-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.15-76.1.s390x",
"product": {
"name": "python36-testsuite-3.6.15-76.1.s390x",
"product_id": "python36-testsuite-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-76.1.s390x",
"product": {
"name": "python36-tk-3.6.15-76.1.s390x",
"product_id": "python36-tk-3.6.15-76.1.s390x"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.15-76.1.s390x",
"product": {
"name": "python36-tools-3.6.15-76.1.s390x",
"product_id": "python36-tools-3.6.15-76.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-76.1.x86_64",
"product": {
"name": "libpython3_6m1_0-3.6.15-76.1.x86_64",
"product_id": "libpython3_6m1_0-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.15-76.1.x86_64",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.15-76.1.x86_64",
"product_id": "libpython3_6m1_0-32bit-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-3.6.15-76.1.x86_64",
"product": {
"name": "python36-3.6.15-76.1.x86_64",
"product_id": "python36-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.15-76.1.x86_64",
"product": {
"name": "python36-32bit-3.6.15-76.1.x86_64",
"product_id": "python36-32bit-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.15-76.1.x86_64",
"product": {
"name": "python36-base-3.6.15-76.1.x86_64",
"product_id": "python36-base-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-base-32bit-3.6.15-76.1.x86_64",
"product": {
"name": "python36-base-32bit-3.6.15-76.1.x86_64",
"product_id": "python36-base-32bit-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.15-76.1.x86_64",
"product": {
"name": "python36-curses-3.6.15-76.1.x86_64",
"product_id": "python36-curses-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.15-76.1.x86_64",
"product": {
"name": "python36-dbm-3.6.15-76.1.x86_64",
"product_id": "python36-dbm-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.15-76.1.x86_64",
"product": {
"name": "python36-devel-3.6.15-76.1.x86_64",
"product_id": "python36-devel-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.15-76.1.x86_64",
"product": {
"name": "python36-idle-3.6.15-76.1.x86_64",
"product_id": "python36-idle-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.15-76.1.x86_64",
"product": {
"name": "python36-testsuite-3.6.15-76.1.x86_64",
"product_id": "python36-testsuite-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.15-76.1.x86_64",
"product": {
"name": "python36-tk-3.6.15-76.1.x86_64",
"product_id": "python36-tk-3.6.15-76.1.x86_64"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.15-76.1.x86_64",
"product": {
"name": "python36-tools-3.6.15-76.1.x86_64",
"product_id": "python36-tools-3.6.15-76.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.15-76.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-3.6.15-76.1.x86_64"
},
"product_reference": "libpython3_6m1_0-3.6.15-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-32bit-3.6.15-76.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-32bit-3.6.15-76.1.x86_64"
},
"product_reference": "libpython3_6m1_0-32bit-3.6.15-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.15-76.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-3.6.15-76.1.x86_64"
},
"product_reference": "python36-3.6.15-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.15-76.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-base-3.6.15-76.1.x86_64"
},
"product_reference": "python36-base-3.6.15-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-devel-3.6.15-76.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-devel-3.6.15-76.1.x86_64"
},
"product_reference": "python36-devel-3.6.15-76.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-32bit-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-base-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-devel-3.6.15-76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-32bit-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-base-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-devel-3.6.15-76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_6m1_0-32bit-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-base-3.6.15-76.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python36-devel-3.6.15-76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-11T16:47:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
}
]
}
SUSE-SU-2025:0502-1
Vulnerability from csaf_suse - Published: 2025-02-13 10:11 - Updated: 2025-02-13 10:11Summary
Security update for python3
Severity
Moderate
Notes
Title of the patch: Security update for python3
Description of the patch: This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Patchnames: SUSE-2025-502,SUSE-SUSE-MicroOS-5.1-2025-502
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python3 fixes the following issues:\n\n- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-502,SUSE-SUSE-MicroOS-5.1-2025-502",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0502-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0502-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250502-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0502-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020335.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
}
],
"title": "Security update for python3",
"tracking": {
"current_release_date": "2025-02-13T10:11:12Z",
"generator": {
"date": "2025-02-13T10:11:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0502-1",
"initial_release_date": "2025-02-13T10:11:12Z",
"revision_history": [
{
"date": "2025-02-13T10:11:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64",
"product_id": "libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-base-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-base-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-curses-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-curses-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-dbm-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-dbm-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-devel-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-devel-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-doc-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-doc-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-doc-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-doc-devhelp-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-idle-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-idle-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-testsuite-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-testsuite-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-tk-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-tk-3.6.15-150000.3.170.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.15-150000.3.170.1.aarch64",
"product": {
"name": "python3-tools-3.6.15-150000.3.170.1.aarch64",
"product_id": "python3-tools-3.6.15-150000.3.170.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-64bit-3.6.15-150000.3.170.1.aarch64_ilp32",
"product": {
"name": "libpython3_6m1_0-64bit-3.6.15-150000.3.170.1.aarch64_ilp32",
"product_id": "libpython3_6m1_0-64bit-3.6.15-150000.3.170.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.i586",
"product": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.i586",
"product_id": "libpython3_6m1_0-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-3.6.15-150000.3.170.1.i586",
"product_id": "python3-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-base-3.6.15-150000.3.170.1.i586",
"product_id": "python3-base-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-curses-3.6.15-150000.3.170.1.i586",
"product_id": "python3-curses-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-dbm-3.6.15-150000.3.170.1.i586",
"product_id": "python3-dbm-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-devel-3.6.15-150000.3.170.1.i586",
"product_id": "python3-devel-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-doc-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-doc-3.6.15-150000.3.170.1.i586",
"product_id": "python3-doc-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.i586",
"product_id": "python3-doc-devhelp-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-idle-3.6.15-150000.3.170.1.i586",
"product_id": "python3-idle-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-testsuite-3.6.15-150000.3.170.1.i586",
"product_id": "python3-testsuite-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-tk-3.6.15-150000.3.170.1.i586",
"product_id": "python3-tk-3.6.15-150000.3.170.1.i586"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.15-150000.3.170.1.i586",
"product": {
"name": "python3-tools-3.6.15-150000.3.170.1.i586",
"product_id": "python3-tools-3.6.15-150000.3.170.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.ppc64le",
"product_id": "libpython3_6m1_0-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-base-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-base-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-curses-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-curses-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-dbm-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-dbm-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-devel-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-devel-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-doc-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-doc-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-doc-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-doc-devhelp-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-idle-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-idle-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-testsuite-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-testsuite-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-tk-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-tk-3.6.15-150000.3.170.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.15-150000.3.170.1.ppc64le",
"product": {
"name": "python3-tools-3.6.15-150000.3.170.1.ppc64le",
"product_id": "python3-tools-3.6.15-150000.3.170.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.s390x",
"product_id": "libpython3_6m1_0-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-base-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-base-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-curses-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-curses-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-dbm-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-dbm-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-devel-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-devel-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-doc-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-doc-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-doc-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-doc-devhelp-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-idle-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-idle-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-testsuite-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-testsuite-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-tk-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-tk-3.6.15-150000.3.170.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.15-150000.3.170.1.s390x",
"product": {
"name": "python3-tools-3.6.15-150000.3.170.1.s390x",
"product_id": "python3-tools-3.6.15-150000.3.170.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64",
"product_id": "libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.15-150000.3.170.1.x86_64",
"product_id": "libpython3_6m1_0-32bit-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-base-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-base-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-base-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-curses-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-curses-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-curses-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-dbm-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-dbm-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-dbm-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-devel-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-devel-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-devel-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-doc-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-doc-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-doc-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-doc-devhelp-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-doc-devhelp-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-idle-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-idle-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-idle-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-testsuite-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-testsuite-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-testsuite-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-tk-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-tk-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-tk-3.6.15-150000.3.170.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-tools-3.6.15-150000.3.170.1.x86_64",
"product": {
"name": "python3-tools-3.6.15-150000.3.170.1.x86_64",
"product_id": "python3-tools-3.6.15-150000.3.170.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64"
},
"product_reference": "libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.s390x"
},
"product_reference": "libpython3_6m1_0-3.6.15-150000.3.170.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64"
},
"product_reference": "libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.15-150000.3.170.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.aarch64"
},
"product_reference": "python3-3.6.15-150000.3.170.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.15-150000.3.170.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.s390x"
},
"product_reference": "python3-3.6.15-150000.3.170.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-3.6.15-150000.3.170.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.x86_64"
},
"product_reference": "python3-3.6.15-150000.3.170.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.15-150000.3.170.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.aarch64"
},
"product_reference": "python3-base-3.6.15-150000.3.170.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.15-150000.3.170.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.s390x"
},
"product_reference": "python3-base-3.6.15-150000.3.170.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-base-3.6.15-150000.3.170.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.x86_64"
},
"product_reference": "python3-base-3.6.15-150000.3.170.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.170.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.170.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.s390x",
"SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.170.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-13T10:11:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
}
]
}
SUSE-SU-2025:0514-1
Vulnerability from csaf_suse - Published: 2025-02-13 11:50 - Updated: 2025-02-13 11:50Summary
Security update for python
Severity
Moderate
Notes
Title of the patch: Security update for python
Description of the patch: This update for python fixes the following issues:
- CVE-2025-0938: functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets (bsc#1236705).
Patchnames: SUSE-2025-514,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-514,openSUSE-SLE-15.6-2025-514
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-32bit-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-doc-2.7.18-150000.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python fixes the following issues:\n\n- CVE-2025-0938: functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets (bsc#1236705).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-514,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-514,openSUSE-SLE-15.6-2025-514",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0514-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0514-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250514-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0514-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020331.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236705",
"url": "https://bugzilla.suse.com/1236705"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0938/"
}
],
"title": "Security update for python",
"tracking": {
"current_release_date": "2025-02-13T11:50:49Z",
"generator": {
"date": "2025-02-13T11:50:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0514-1",
"initial_release_date": "2025-02-13T11:50:49Z",
"revision_history": [
{
"date": "2025-02-13T11:50:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"product_id": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-2.7.18-150000.71.1.aarch64",
"product_id": "python-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-base-2.7.18-150000.71.1.aarch64",
"product_id": "python-base-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-curses-2.7.18-150000.71.1.aarch64",
"product_id": "python-curses-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-demo-2.7.18-150000.71.1.aarch64",
"product_id": "python-demo-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-devel-2.7.18-150000.71.1.aarch64",
"product_id": "python-devel-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-gdbm-2.7.18-150000.71.1.aarch64",
"product_id": "python-gdbm-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-idle-2.7.18-150000.71.1.aarch64",
"product_id": "python-idle-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-tk-2.7.18-150000.71.1.aarch64",
"product_id": "python-tk-2.7.18-150000.71.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.71.1.aarch64",
"product": {
"name": "python-xml-2.7.18-150000.71.1.aarch64",
"product_id": "python-xml-2.7.18-150000.71.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-64bit-2.7.18-150000.71.1.aarch64_ilp32",
"product": {
"name": "libpython2_7-1_0-64bit-2.7.18-150000.71.1.aarch64_ilp32",
"product_id": "libpython2_7-1_0-64bit-2.7.18-150000.71.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python-64bit-2.7.18-150000.71.1.aarch64_ilp32",
"product": {
"name": "python-64bit-2.7.18-150000.71.1.aarch64_ilp32",
"product_id": "python-64bit-2.7.18-150000.71.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python-base-64bit-2.7.18-150000.71.1.aarch64_ilp32",
"product": {
"name": "python-base-64bit-2.7.18-150000.71.1.aarch64_ilp32",
"product_id": "python-base-64bit-2.7.18-150000.71.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.71.1.i586",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.i586",
"product_id": "libpython2_7-1_0-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.71.1.i586",
"product": {
"name": "python-2.7.18-150000.71.1.i586",
"product_id": "python-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.71.1.i586",
"product": {
"name": "python-base-2.7.18-150000.71.1.i586",
"product_id": "python-base-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.71.1.i586",
"product": {
"name": "python-curses-2.7.18-150000.71.1.i586",
"product_id": "python-curses-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.71.1.i586",
"product": {
"name": "python-demo-2.7.18-150000.71.1.i586",
"product_id": "python-demo-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.71.1.i586",
"product": {
"name": "python-devel-2.7.18-150000.71.1.i586",
"product_id": "python-devel-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.71.1.i586",
"product": {
"name": "python-gdbm-2.7.18-150000.71.1.i586",
"product_id": "python-gdbm-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.71.1.i586",
"product": {
"name": "python-idle-2.7.18-150000.71.1.i586",
"product_id": "python-idle-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.71.1.i586",
"product": {
"name": "python-tk-2.7.18-150000.71.1.i586",
"product_id": "python-tk-2.7.18-150000.71.1.i586"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.71.1.i586",
"product": {
"name": "python-xml-2.7.18-150000.71.1.i586",
"product_id": "python-xml-2.7.18-150000.71.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-doc-2.7.18-150000.71.1.noarch",
"product": {
"name": "python-doc-2.7.18-150000.71.1.noarch",
"product_id": "python-doc-2.7.18-150000.71.1.noarch"
}
},
{
"category": "product_version",
"name": "python-doc-pdf-2.7.18-150000.71.1.noarch",
"product": {
"name": "python-doc-pdf-2.7.18-150000.71.1.noarch",
"product_id": "python-doc-pdf-2.7.18-150000.71.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"product_id": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-2.7.18-150000.71.1.ppc64le",
"product_id": "python-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-base-2.7.18-150000.71.1.ppc64le",
"product_id": "python-base-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-curses-2.7.18-150000.71.1.ppc64le",
"product_id": "python-curses-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-demo-2.7.18-150000.71.1.ppc64le",
"product_id": "python-demo-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-devel-2.7.18-150000.71.1.ppc64le",
"product_id": "python-devel-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-gdbm-2.7.18-150000.71.1.ppc64le",
"product_id": "python-gdbm-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-idle-2.7.18-150000.71.1.ppc64le",
"product_id": "python-idle-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-tk-2.7.18-150000.71.1.ppc64le",
"product_id": "python-tk-2.7.18-150000.71.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.71.1.ppc64le",
"product": {
"name": "python-xml-2.7.18-150000.71.1.ppc64le",
"product_id": "python-xml-2.7.18-150000.71.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"product_id": "libpython2_7-1_0-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-2.7.18-150000.71.1.s390x",
"product_id": "python-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-base-2.7.18-150000.71.1.s390x",
"product_id": "python-base-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-curses-2.7.18-150000.71.1.s390x",
"product_id": "python-curses-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-demo-2.7.18-150000.71.1.s390x",
"product_id": "python-demo-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-devel-2.7.18-150000.71.1.s390x",
"product_id": "python-devel-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-gdbm-2.7.18-150000.71.1.s390x",
"product_id": "python-gdbm-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-idle-2.7.18-150000.71.1.s390x",
"product_id": "python-idle-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-tk-2.7.18-150000.71.1.s390x",
"product_id": "python-tk-2.7.18-150000.71.1.s390x"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.71.1.s390x",
"product": {
"name": "python-xml-2.7.18-150000.71.1.s390x",
"product_id": "python-xml-2.7.18-150000.71.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"product_id": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64",
"product": {
"name": "libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64",
"product_id": "libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-2.7.18-150000.71.1.x86_64",
"product_id": "python-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-32bit-2.7.18-150000.71.1.x86_64",
"product_id": "python-32bit-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-base-2.7.18-150000.71.1.x86_64",
"product_id": "python-base-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-32bit-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-base-32bit-2.7.18-150000.71.1.x86_64",
"product_id": "python-base-32bit-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-curses-2.7.18-150000.71.1.x86_64",
"product_id": "python-curses-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-demo-2.7.18-150000.71.1.x86_64",
"product_id": "python-demo-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-devel-2.7.18-150000.71.1.x86_64",
"product_id": "python-devel-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-gdbm-2.7.18-150000.71.1.x86_64",
"product_id": "python-gdbm-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-idle-2.7.18-150000.71.1.x86_64",
"product_id": "python-idle-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-tk-2.7.18-150000.71.1.x86_64",
"product_id": "python-tk-2.7.18-150000.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.71.1.x86_64",
"product": {
"name": "python-xml-2.7.18-150000.71.1.x86_64",
"product_id": "python-xml-2.7.18-150000.71.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.s390x"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-base-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-base-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-base-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-base-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-curses-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-curses-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-curses-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-xml-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-xml-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-xml-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-xml-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.s390x"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64"
},
"product_reference": "libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-32bit-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-32bit-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-base-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-base-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-base-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-base-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-32bit-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-base-32bit-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-curses-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-curses-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-curses-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-demo-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-demo-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-demo-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-demo-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-devel-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-devel-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-devel-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-devel-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-doc-2.7.18-150000.71.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-doc-2.7.18-150000.71.1.noarch"
},
"product_reference": "python-doc-2.7.18-150000.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-doc-pdf-2.7.18-150000.71.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.71.1.noarch"
},
"product_reference": "python-doc-pdf-2.7.18-150000.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-idle-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-idle-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-idle-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-idle-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-tk-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-tk-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-tk-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-tk-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.aarch64"
},
"product_reference": "python-xml-2.7.18-150000.71.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.ppc64le"
},
"product_reference": "python-xml-2.7.18-150000.71.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.s390x"
},
"product_reference": "python-xml-2.7.18-150000.71.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.71.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.x86_64"
},
"product_reference": "python-xml-2.7.18-150000.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0938"
}
],
"notes": [
{
"category": "general",
"text": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-doc-2.7.18-150000.71.1.noarch",
"openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.71.1.noarch",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0938",
"url": "https://www.suse.com/security/cve/CVE-2025-0938"
},
{
"category": "external",
"summary": "SUSE Bug 1236705 for CVE-2025-0938",
"url": "https://bugzilla.suse.com/1236705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-doc-2.7.18-150000.71.1.noarch",
"openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.71.1.noarch",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.71.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-base-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-doc-2.7.18-150000.71.1.noarch",
"openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.71.1.noarch",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.71.1.x86_64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.aarch64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.ppc64le",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.s390x",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-13T11:50:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-0938"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…