CVE-2025-8194 (GCVE-0-2025-8194)
Vulnerability from cvelistv5 – Published: 2025-07-28 18:42 – Updated: 2026-04-21 20:17
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
| Vendor | Product | Version |
|---|---|---|
| Python Software Foundation | CPython | Affected: 0 , < 3.10.19 (python); Affected: 3.11.0 , < 3.11.14 (python); Affected: 3.12.0 , < 3.12.12 (python); Affected: 3.13.0 , < 3.13.6 (python); Affected: 3.14.0a1 , < 3.14.0rc2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:57:54.114655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T18:57:59.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:48.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.10.19",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.6",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0rc2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alexander Urieles"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ethan Furman"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Steve Dower"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \u003cbr\u003e\u003cbr\u003eThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\"\u003ehttps://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\u003c/a\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:17:39.595Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/130577"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/137027"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tarfile infinite loop during parsing with negative member offset",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8194",
"datePublished": "2025-07-28T18:42:44.847Z",
"dateReserved": "2025-07-25T14:05:55.899Z",
"dateUpdated": "2026-04-21T20:17:39.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-8194",
"date": "2026-06-07",
"epss": "0.01007",
"percentile": "0.77433"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-8194\",\"sourceIdentifier\":\"cna@python.org\",\"published\":\"2025-07-28T19:15:43.793\",\"lastModified\":\"2025-11-04T22:16:44.687\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \\n\\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\"},{\"lang\":\"es\",\"value\":\"Existe un defecto en el m\u00f3dulo \\\"tarfile\\\" de CPython que afecta a las API de extracci\u00f3n y enumeraci\u00f3n de entradas de \\\"TarFile\\\". La implementaci\u00f3n de tar procesaba archivos tar con desplazamientos negativos sin errores, lo que resultaba en un bucle infinito y un bloqueo durante el an\u00e1lisis de archivos tar manipulados con fines maliciosos. 
Esta vulnerabilidad se puede mitigar incluyendo el siguiente parche despu\u00e9s de importar el m\u00f3dulo \\\"tarfile\\\": import tarfile def _block_patched(self, count): if count \u0026lt; 0: # pragma: no cover raise tarfile.InvalidHeaderError(\\\"invalid offset\\\") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@python.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"references\":[{\"url\":\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/commi
t/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/issues/130577\",\"source\":\"cna@python.org\"},{\"url\":\"https://github.com/python/cpython/pull/137027\",\"source\":\"cna@python.org\"},{\"url\":\"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/\",\"source\":\"cna@python.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/28/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/28/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:48.390Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8194\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-28T18:57:54.114655Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-28T18:57:56.132Z\"}}], \"cna\": {\"title\": \"Tarfile infinite loop during parsing with negative member offset\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Alexander Urieles\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Seth Larson\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Ethan Furman\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Steve Dower\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/python/cpython\", \"vendor\": \"Python Software Foundation\", \"product\": \"CPython\", 
\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.10.19\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.11.0\", \"lessThan\": \"3.11.14\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.12.0\", \"lessThan\": \"3.12.12\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.13.0\", \"lessThan\": \"3.13.6\", \"versionType\": \"python\"}, {\"status\": \"affected\", \"version\": \"3.14.0a1\", \"lessThan\": \"3.14.0rc2\", \"versionType\": \"python\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/python/cpython/issues/130577\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/python/cpython/pull/137027\", \"tags\": [\"patch\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe\", \"tags\": [\"patch\"]}, {\"url\": \"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\", \"tags\": [\"mitigation\"]}, {\"url\": \"https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": 
\"en\", \"value\": \"There is a defect in the CPython \\u201ctarfile\\u201d module affecting the \\u201cTarFile\\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \\n\\nThis vulnerability can be mitigated by including the following patch after importing the \\u201ctarfile\\u201d module:\\u00a0 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There is a defect in the CPython \\u201ctarfile\\u201d module affecting the \\u201cTarFile\\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \u003cbr\u003e\u003cbr\u003eThis vulnerability can be mitigated by including the following patch after importing the \\u201ctarfile\\u201d module:\u0026nbsp;\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\\\"\u003ehttps://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1\u003c/a\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"shortName\": \"PSF\", \"dateUpdated\": \"2026-04-21T20:17:39.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-8194\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-21T20:17:39.595Z\", \"dateReserved\": \"2025-07-25T14:05:55.899Z\", \"assignerOrgId\": \"28c92f92-d60d-412d-b760-e73465c3df22\", \"datePublished\": \"2025-07-28T18:42:44.847Z\", \"assignerShortName\": \"PSF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:19423
Vulnerability from csaf_redhat - Published: 2025-11-03 07:32 - Updated: 2026-04-15 16:39

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications. This \ncontainer provides NVIDIA hardware enablement and the InstructLab application stack.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19423",
"url": "https://access.redhat.com/errata/RHSA-2025:19423"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19423.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2026-04-15T16:39:54+00:00",
"generator": {
"date": "2026-04-15T16:39:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19423",
"initial_release_date": "2025-11-03T07:32:31+00:00",
"revision_history": [
{
"date": "2025-11-03T07:32:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:32:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64",
"product_id": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/instructlab-nvidia-rhel9@sha256%3Aa7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761220254"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"product": {
"name": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"product_id": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/instructlab-nvidia-rhel9@sha256%3Aa17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e?arch=arm64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761220254"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64"
},
"product_reference": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:32:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19423",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19423"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:32:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19423",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19423"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:32:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19423",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19423"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:32:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19423",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19423"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a17f53b6c19150fce3e6d456fde71a74bdab5da5eeb44bec7791084c3471a98e_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-nvidia-rhel9@sha256:a7e2df4276aaba0d23430c7c3314e05b005fe5628d588bc1f4f979a35571fa5c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19424
Vulnerability from csaf_redhat - Published: 2025-11-03 07:33 - Updated: 2026-04-15 16:39
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (AMD) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19424",
"url": "https://access.redhat.com/errata/RHSA-2025:19424"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19424.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)",
"tracking": {
"current_release_date": "2026-04-15T16:39:54+00:00",
"generator": {
"date": "2026-04-15T16:39:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19424",
"initial_release_date": "2025-11-03T07:33:10+00:00",
"revision_history": [
{
"date": "2025-11-03T07:33:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:33:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-amd-rhel9@sha256%3Af77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761073793"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19424",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19424"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19424",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19424"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19424",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19424"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:10+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19424",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19424"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:f77167ea53b46b91631679ed84aab2373ff56dc62cba946296be212443bc2a99_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19425
Vulnerability from csaf_redhat - Published: 2025-11-03 07:33 - Updated: 2026-04-15 16:39
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (AMD) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications. This \ncontainer provides NVIDIA hardware enablement and the InstructLab application stack.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19425",
"url": "https://access.redhat.com/errata/RHSA-2025:19425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19425.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)",
"tracking": {
"current_release_date": "2026-04-15T16:39:56+00:00",
"generator": {
"date": "2026-04-15T16:39:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19425",
"initial_release_date": "2025-11-03T07:33:42+00:00",
"revision_history": [
{
"date": "2025-11-03T07:33:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:33:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64",
"product_id": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/instructlab-amd-rhel9@sha256%3A03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761043227"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:42+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19425",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19425"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:42+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19425",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19425"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:42+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19425",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19425"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:42+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19425",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19425"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:03f22e965af16fe84aed7d30e7b8db00dead11d9fd4b11e3c9abb2e68dd910f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19426
Vulnerability from csaf_redhat - Published: 2025-11-03 07:33 - Updated: 2026-04-15 16:39
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19426",
"url": "https://access.redhat.com/errata/RHSA-2025:19426"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19426.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2026-04-15T16:39:55+00:00",
"generator": {
"date": "2026-04-15T16:39:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19426",
"initial_release_date": "2025-11-03T07:33:45+00:00",
"revision_history": [
{
"date": "2025-11-03T07:33:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:33:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-gcp-nvidia-rhel9@sha256%3Aa83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761236079"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:45+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19426",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19426"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n    if count \u003c 0:  # pragma: no cover\n        raise tarfile.InvalidHeaderError(\"invalid offset\")\n    return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:45+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19426",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19426"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:45+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19426",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19426"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:45+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19426",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19426"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:a83229f005c78e271c774f3eda26421fedbc4b8cf1ac3fe94234899c6d677124_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19427
Vulnerability from csaf_redhat - Published: 2025-11-03 07:33 - Updated: 2026-04-15 16:39
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (AMD) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19427",
"url": "https://access.redhat.com/errata/RHSA-2025:19427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19427.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)",
"tracking": {
"current_release_date": "2026-04-15T16:39:55+00:00",
"generator": {
"date": "2026-04-15T16:39:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19427",
"initial_release_date": "2025-11-03T07:33:53+00:00",
"revision_history": [
{
"date": "2025-11-03T07:33:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:34:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-amd-rhel9@sha256%3Ac029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761064179"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:53+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19427",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19427"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and, by extension, to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:53+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19427",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19427"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:53+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19427",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19427"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:33:53+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19427",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19427"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-amd-rhel9@sha256:c029b66a3354ee6fd186a1f05aff31b5834e611b9d5b326b65b16829d6b98d1f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19428
Vulnerability from csaf_redhat - Published: 2025-11-03 07:34 - Updated: 2026-04-15 16:39
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19428",
"url": "https://access.redhat.com/errata/RHSA-2025:19428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19428.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2026-04-15T16:39:56+00:00",
"generator": {
"date": "2026-04-15T16:39:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19428",
"initial_release_date": "2025-11-03T07:34:08+00:00",
"revision_history": [
{
"date": "2025-11-03T07:34:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:34:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-nvidia-rhel9@sha256%3Add412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761228838"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"product_id": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-nvidia-rhel9@sha256%3A0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb?arch=arm64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761228838"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:08+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19428",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19428"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n    if count \u003c 0: # pragma: no cover\n        raise tarfile.InvalidHeaderError(\"invalid offset\")\n    return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files or, by extension, to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:08+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19428",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19428"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:08+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19428",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19428"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:08+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19428",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19428"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:0efbdee5f2ec93477b5aac5dd4c1dd9b31fe96e5e7c7dd701738ceaa86b2f2eb_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:dd412fc0dde3dee492839c28f8ed003bb17fe5fe1be375031b24c84bb36fb8cd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19429
Vulnerability from csaf_redhat - Published: 2025-11-03 07:34 - Updated: 2026-04-15 16:39

A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19429",
"url": "https://access.redhat.com/errata/RHSA-2025:19429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19429.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2026-04-15T16:39:56+00:00",
"generator": {
"date": "2026-04-15T16:39:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19429",
"initial_release_date": "2025-11-03T07:34:38+00:00",
"revision_history": [
{
"date": "2025-11-03T07:34:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:34:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-aws-nvidia-rhel9@sha256%3A385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761236150"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:38+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19429",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19429"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:38+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19429",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19429"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:38+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19429",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19429"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:34:38+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19429",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19429"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-aws-nvidia-rhel9@sha256:385028a96717418982de197f8f0a9052edf12f80a50bd8ab53ca72203a4ba5d8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
RHSA-2025:19430
Vulnerability from csaf_redhat - Published: 2025-11-03 07:35 - Updated: 2026-04-15 16:39
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, \nand run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19430",
"url": "https://access.redhat.com/errata/RHSA-2025:19430"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48956",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57809",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8194",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19430.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2026-04-15T16:39:56+00:00",
"generator": {
"date": "2026-04-15T16:39:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:19430",
"initial_release_date": "2025-11-03T07:35:00+00:00",
"revision_history": [
{
"date": "2025-11-03T07:35:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-03T07:35:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T16:39:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-nvidia-rhel9@sha256%3A427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.4-1761238736"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-28T19:00:50.076451+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2384043"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Cpython infinite loop when parsing a tarfile",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted tar archive with a Python application using the tarfile module. Furthermore, this vulnerability will cause a denial of service with no other security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "RHBZ#2384043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/130577",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/137027",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
}
],
"release_date": "2025-07-28T18:42:44.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:35:00+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19430",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19430"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by adding the following code after importing the tarfile module (\"import tarfile\"):\n\n~~~\nimport tarfile\n\ndef _block_patched(self, count):\n if count \u003c 0: # pragma: no cover\n raise tarfile.InvalidHeaderError(\"invalid offset\")\n return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched\n~~~",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Cpython infinite loop when parsing a tarfile"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:35:00+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19430",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19430"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-48956",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-06-12T17:02:11.238000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. A denial of service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large X-Forwarded-For header to an HTTP endpoint. This results in server memory exhaustion, potentially leading to a crash or unresponsiveness. The attack does not require authentication, making it exploitable by any remote user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important rather than just Moderate because it enables a complete denial of service with minimal effort from a remote, unauthenticated attacker. Unlike moderate flaws that might require specific conditions, partial access, or complex exploitation chains, here a single oversized HTTP request is sufficient to exhaust server memory and crash the vLLM service. Since vLLM is often deployed as a backend for high-availability inference workloads, this creates a high-impact risk: availability is entirely compromised, all running workloads are disrupted, and recovery may require manual intervention. The lack of authentication barriers makes the attack surface fully exposed over the network, which elevates the severity beyond Moderate to Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48956"
},
{
"category": "external",
"summary": "RHBZ#2372522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48956"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944",
"url": "https://github.com/vllm-project/vllm/commit/d8b736f913a59117803d6701521d2e4861701944"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47"
}
],
"release_date": "2025-08-26T14:51:41.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:35:00+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19430",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19430"
},
{
"category": "workaround",
"details": "Until a fix is available, the risk can be reduced by running vLLM behind a reverse proxy such as Nginx, Envoy, or HAProxy with strict header size limits, ensuring that oversized requests are dropped before reaching the service. Additional safeguards like container or VM resource limits and traffic monitoring can help contain the impact, but upgrading to the patched release remains the definitive solution.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: HTTP header size limit not enforced allows Denial of Service from Unauthenticated requests"
},
{
"cve": "CVE-2025-57809",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-08-25T22:01:14.907855+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2390943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xgrammar. Recursive grammar definitions could trigger infinite recursion during parsing in GrammarMatcherBase::ExpandEquivalentStackElements, leading to unbounded stack growth and a segmentation fault. This vulnerability allows remote attackers to cause a denial of service (DoS) when untrusted grammar is processed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it can be exploited remotely, without authentication or user interaction, and directly impacts the availability of systems that rely on xgrammar for structured output parsing. Unlike a Moderate flaw that might require unusual conditions or only cause partial degradation, the infinite recursion issue reliably leads to process termination or complete resource exhaustion when malicious input is supplied. Since xgrammar is often integrated into long-running LLM inference services or API backends, a single crafted grammar can consistently force these services into a denial-of-service state, making it a practical, high-impact attack vector. While it does not compromise confidentiality or integrity, the ease of exploitation, network accessibility, and total loss of availability elevate it from a moderate to an important security issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57809"
},
{
"category": "external",
"summary": "RHBZ#2390943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57809"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
"url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/issues/250",
"url": "https://github.com/mlc-ai/xgrammar/issues/250"
},
{
"category": "external",
"summary": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
}
],
"release_date": "2025-08-25T21:22:00.226000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-03T07:35:00+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:19430",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19430"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:427596ae2591a30a0218b7cfdd858ccad96178ddc2618cdf0a6e4e9af36685bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xgrammar: XGrammar affected by Denial of Service by infinite recursion grammars"
}
]
}
SUSE-SU-2025:02700-1
Vulnerability from csaf_suse - Published: 2025-08-05 09:31 - Updated: 2025-08-05 09:31
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-32bit-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-base-32bit-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python39",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python39 fixes the following issues:\n\n- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2700,openSUSE-SLE-15.6-2025-2700",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02700-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02700-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502700-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02700-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041101.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247249",
"url": "https://bugzilla.suse.com/1247249"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8194/"
}
],
"title": "Security update for python39",
"tracking": {
"current_release_date": "2025-08-05T09:31:34Z",
"generator": {
"date": "2025-08-05T09:31:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02700-1",
"initial_release_date": "2025-08-05T09:31:34Z",
"revision_history": [
{
"date": "2025-08-05T09:31:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64",
"product_id": "libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-base-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-base-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-curses-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-curses-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-dbm-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-dbm-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-devel-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-devel-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-doc-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-doc-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-idle-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-idle-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-testsuite-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-tk-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-tk-3.9.23-150300.4.81.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.23-150300.4.81.1.aarch64",
"product": {
"name": "python39-tools-3.9.23-150300.4.81.1.aarch64",
"product_id": "python39-tools-3.9.23-150300.4.81.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-64bit-3.9.23-150300.4.81.1.aarch64_ilp32",
"product": {
"name": "libpython3_9-1_0-64bit-3.9.23-150300.4.81.1.aarch64_ilp32",
"product_id": "libpython3_9-1_0-64bit-3.9.23-150300.4.81.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python39-64bit-3.9.23-150300.4.81.1.aarch64_ilp32",
"product": {
"name": "python39-64bit-3.9.23-150300.4.81.1.aarch64_ilp32",
"product_id": "python39-64bit-3.9.23-150300.4.81.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python39-base-64bit-3.9.23-150300.4.81.1.aarch64_ilp32",
"product": {
"name": "python39-base-64bit-3.9.23-150300.4.81.1.aarch64_ilp32",
"product_id": "python39-base-64bit-3.9.23-150300.4.81.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.i586",
"product": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.i586",
"product_id": "libpython3_9-1_0-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-3.9.23-150300.4.81.1.i586",
"product_id": "python39-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-base-3.9.23-150300.4.81.1.i586",
"product_id": "python39-base-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-curses-3.9.23-150300.4.81.1.i586",
"product_id": "python39-curses-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-dbm-3.9.23-150300.4.81.1.i586",
"product_id": "python39-dbm-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-devel-3.9.23-150300.4.81.1.i586",
"product_id": "python39-devel-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-doc-3.9.23-150300.4.81.1.i586",
"product_id": "python39-doc-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.i586",
"product_id": "python39-doc-devhelp-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-idle-3.9.23-150300.4.81.1.i586",
"product_id": "python39-idle-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.i586",
"product_id": "python39-testsuite-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-tk-3.9.23-150300.4.81.1.i586",
"product_id": "python39-tk-3.9.23-150300.4.81.1.i586"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.23-150300.4.81.1.i586",
"product": {
"name": "python39-tools-3.9.23-150300.4.81.1.i586",
"product_id": "python39-tools-3.9.23-150300.4.81.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le",
"product_id": "libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-base-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-base-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-curses-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-curses-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-dbm-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-dbm-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-devel-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-devel-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-doc-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-doc-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-idle-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-idle-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-testsuite-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-tk-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-tk-3.9.23-150300.4.81.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.23-150300.4.81.1.ppc64le",
"product": {
"name": "python39-tools-3.9.23-150300.4.81.1.ppc64le",
"product_id": "python39-tools-3.9.23-150300.4.81.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.s390x",
"product_id": "libpython3_9-1_0-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-base-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-base-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-curses-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-curses-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-dbm-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-dbm-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-devel-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-devel-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-doc-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-doc-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-doc-devhelp-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-idle-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-idle-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-testsuite-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-tk-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-tk-3.9.23-150300.4.81.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.23-150300.4.81.1.s390x",
"product": {
"name": "python39-tools-3.9.23-150300.4.81.1.s390x",
"product_id": "python39-tools-3.9.23-150300.4.81.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64",
"product_id": "libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64",
"product_id": "libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-32bit-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-32bit-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-32bit-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-base-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-base-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-base-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-base-32bit-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-base-32bit-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-base-32bit-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-curses-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-curses-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-curses-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-dbm-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-dbm-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-dbm-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-devel-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-devel-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-devel-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-doc-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-doc-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-doc-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-idle-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-idle-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-idle-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-testsuite-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-testsuite-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tk-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-tk-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-tk-3.9.23-150300.4.81.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-tools-3.9.23-150300.4.81.1.x86_64",
"product": {
"name": "python39-tools-3.9.23-150300.4.81.1.x86_64",
"product_id": "python39-tools-3.9.23-150300.4.81.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "libpython3_9-1_0-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-32bit-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-32bit-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-32bit-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-base-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-base-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-base-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-base-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-base-32bit-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-base-32bit-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-base-32bit-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-curses-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-curses-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-curses-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-curses-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-curses-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-dbm-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-dbm-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-dbm-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-dbm-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-dbm-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-devel-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-devel-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-devel-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-devel-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-devel-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-doc-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-doc-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-doc-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-doc-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-doc-devhelp-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-idle-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-idle-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-idle-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-idle-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-idle-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-testsuite-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-testsuite-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-testsuite-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-testsuite-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-testsuite-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-tk-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-tk-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-tk-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tk-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-tk-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.23-150300.4.81.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.aarch64"
},
"product_reference": "python39-tools-3.9.23-150300.4.81.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.23-150300.4.81.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.ppc64le"
},
"product_reference": "python39-tools-3.9.23-150300.4.81.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.23-150300.4.81.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.s390x"
},
"product_reference": "python39-tools-3.9.23-150300.4.81.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-tools-3.9.23-150300.4.81.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.x86_64"
},
"product_reference": "python39-tools-3.9.23-150300.4.81.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8194"
}
],
"notes": [
{
"category": "general",
"text": "There is a defect in the CPython \"tarfile\" module affecting the \"TarFile\" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \"tarfile\" module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-base-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8194",
"url": "https://www.suse.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "SUSE Bug 1247249 for CVE-2025-8194",
"url": "https://bugzilla.suse.com/1247249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-base-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:libpython3_9-1_0-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:libpython3_9-1_0-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-base-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-base-32bit-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-curses-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-dbm-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-devel-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-doc-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-doc-devhelp-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-idle-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-testsuite-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-tk-3.9.23-150300.4.81.1.x86_64",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.aarch64",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.ppc64le",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.s390x",
"openSUSE Leap 15.6:python39-tools-3.9.23-150300.4.81.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-05T09:31:34Z",
"details": "moderate"
}
],
"title": "CVE-2025-8194"
}
]
}
SUSE-SU-2025:02701-1
Vulnerability from csaf_suse - Published: 2025-08-05 09:32 - Updated: 2025-08-05 09:32

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-32bit-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-doc-2.7.18-150000.83.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.83.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python fixes the following issues:\n\n- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2701,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-2701,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2701,openSUSE-SLE-15.6-2025-2701",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02701-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02701-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502701-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02701-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041100.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247249",
"url": "https://bugzilla.suse.com/1247249"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8194/"
}
],
"title": "Security update for python",
"tracking": {
"current_release_date": "2025-08-05T09:32:02Z",
"generator": {
"date": "2025-08-05T09:32:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02701-1",
"initial_release_date": "2025-08-05T09:32:02Z",
"revision_history": [
{
"date": "2025-08-05T09:32:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"product_id": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-2.7.18-150000.83.1.aarch64",
"product_id": "python-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-base-2.7.18-150000.83.1.aarch64",
"product_id": "python-base-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-curses-2.7.18-150000.83.1.aarch64",
"product_id": "python-curses-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-demo-2.7.18-150000.83.1.aarch64",
"product_id": "python-demo-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-devel-2.7.18-150000.83.1.aarch64",
"product_id": "python-devel-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-gdbm-2.7.18-150000.83.1.aarch64",
"product_id": "python-gdbm-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-idle-2.7.18-150000.83.1.aarch64",
"product_id": "python-idle-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-tk-2.7.18-150000.83.1.aarch64",
"product_id": "python-tk-2.7.18-150000.83.1.aarch64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.83.1.aarch64",
"product": {
"name": "python-xml-2.7.18-150000.83.1.aarch64",
"product_id": "python-xml-2.7.18-150000.83.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-64bit-2.7.18-150000.83.1.aarch64_ilp32",
"product": {
"name": "libpython2_7-1_0-64bit-2.7.18-150000.83.1.aarch64_ilp32",
"product_id": "libpython2_7-1_0-64bit-2.7.18-150000.83.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python-64bit-2.7.18-150000.83.1.aarch64_ilp32",
"product": {
"name": "python-64bit-2.7.18-150000.83.1.aarch64_ilp32",
"product_id": "python-64bit-2.7.18-150000.83.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python-base-64bit-2.7.18-150000.83.1.aarch64_ilp32",
"product": {
"name": "python-base-64bit-2.7.18-150000.83.1.aarch64_ilp32",
"product_id": "python-base-64bit-2.7.18-150000.83.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.83.1.i586",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.i586",
"product_id": "libpython2_7-1_0-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.83.1.i586",
"product": {
"name": "python-2.7.18-150000.83.1.i586",
"product_id": "python-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.83.1.i586",
"product": {
"name": "python-base-2.7.18-150000.83.1.i586",
"product_id": "python-base-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.83.1.i586",
"product": {
"name": "python-curses-2.7.18-150000.83.1.i586",
"product_id": "python-curses-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.83.1.i586",
"product": {
"name": "python-demo-2.7.18-150000.83.1.i586",
"product_id": "python-demo-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.83.1.i586",
"product": {
"name": "python-devel-2.7.18-150000.83.1.i586",
"product_id": "python-devel-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.83.1.i586",
"product": {
"name": "python-gdbm-2.7.18-150000.83.1.i586",
"product_id": "python-gdbm-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.83.1.i586",
"product": {
"name": "python-idle-2.7.18-150000.83.1.i586",
"product_id": "python-idle-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.83.1.i586",
"product": {
"name": "python-tk-2.7.18-150000.83.1.i586",
"product_id": "python-tk-2.7.18-150000.83.1.i586"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.83.1.i586",
"product": {
"name": "python-xml-2.7.18-150000.83.1.i586",
"product_id": "python-xml-2.7.18-150000.83.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-doc-2.7.18-150000.83.1.noarch",
"product": {
"name": "python-doc-2.7.18-150000.83.1.noarch",
"product_id": "python-doc-2.7.18-150000.83.1.noarch"
}
},
{
"category": "product_version",
"name": "python-doc-pdf-2.7.18-150000.83.1.noarch",
"product": {
"name": "python-doc-pdf-2.7.18-150000.83.1.noarch",
"product_id": "python-doc-pdf-2.7.18-150000.83.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"product_id": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-2.7.18-150000.83.1.ppc64le",
"product_id": "python-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-base-2.7.18-150000.83.1.ppc64le",
"product_id": "python-base-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-curses-2.7.18-150000.83.1.ppc64le",
"product_id": "python-curses-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-demo-2.7.18-150000.83.1.ppc64le",
"product_id": "python-demo-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-devel-2.7.18-150000.83.1.ppc64le",
"product_id": "python-devel-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-gdbm-2.7.18-150000.83.1.ppc64le",
"product_id": "python-gdbm-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-idle-2.7.18-150000.83.1.ppc64le",
"product_id": "python-idle-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-tk-2.7.18-150000.83.1.ppc64le",
"product_id": "python-tk-2.7.18-150000.83.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.83.1.ppc64le",
"product": {
"name": "python-xml-2.7.18-150000.83.1.ppc64le",
"product_id": "python-xml-2.7.18-150000.83.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"product_id": "libpython2_7-1_0-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-2.7.18-150000.83.1.s390x",
"product_id": "python-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-base-2.7.18-150000.83.1.s390x",
"product_id": "python-base-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-curses-2.7.18-150000.83.1.s390x",
"product_id": "python-curses-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-demo-2.7.18-150000.83.1.s390x",
"product_id": "python-demo-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-devel-2.7.18-150000.83.1.s390x",
"product_id": "python-devel-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-gdbm-2.7.18-150000.83.1.s390x",
"product_id": "python-gdbm-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-idle-2.7.18-150000.83.1.s390x",
"product_id": "python-idle-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-tk-2.7.18-150000.83.1.s390x",
"product_id": "python-tk-2.7.18-150000.83.1.s390x"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.83.1.s390x",
"product": {
"name": "python-xml-2.7.18-150000.83.1.s390x",
"product_id": "python-xml-2.7.18-150000.83.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"product": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"product_id": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64",
"product": {
"name": "libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64",
"product_id": "libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-2.7.18-150000.83.1.x86_64",
"product_id": "python-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-32bit-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-32bit-2.7.18-150000.83.1.x86_64",
"product_id": "python-32bit-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-base-2.7.18-150000.83.1.x86_64",
"product_id": "python-base-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-base-32bit-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-base-32bit-2.7.18-150000.83.1.x86_64",
"product_id": "python-base-32bit-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-curses-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-curses-2.7.18-150000.83.1.x86_64",
"product_id": "python-curses-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-demo-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-demo-2.7.18-150000.83.1.x86_64",
"product_id": "python-demo-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-devel-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-devel-2.7.18-150000.83.1.x86_64",
"product_id": "python-devel-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-gdbm-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-gdbm-2.7.18-150000.83.1.x86_64",
"product_id": "python-gdbm-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-idle-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-idle-2.7.18-150000.83.1.x86_64",
"product_id": "python-idle-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-tk-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-tk-2.7.18-150000.83.1.x86_64",
"product_id": "python-tk-2.7.18-150000.83.1.x86_64"
}
},
{
"category": "product_version",
"name": "python-xml-2.7.18-150000.83.1.x86_64",
"product": {
"name": "python-xml-2.7.18-150000.83.1.x86_64",
"product_id": "python-xml-2.7.18-150000.83.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.s390x"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-base-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-base-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-base-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-base-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-curses-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-curses-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-curses-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-xml-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-xml-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-xml-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-xml-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.aarch64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.s390x"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-base-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-base-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-base-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-base-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-curses-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-curses-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-curses-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-xml-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-xml-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-xml-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-xml-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.s390x"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64"
},
"product_reference": "libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64"
},
"product_reference": "libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-32bit-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-32bit-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-32bit-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-base-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-base-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-base-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-base-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-base-32bit-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-base-32bit-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-curses-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-curses-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-curses-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-curses-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-curses-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-demo-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-demo-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-demo-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-demo-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-demo-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-devel-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-devel-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-devel-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-devel-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-doc-2.7.18-150000.83.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-doc-2.7.18-150000.83.1.noarch"
},
"product_reference": "python-doc-2.7.18-150000.83.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-doc-pdf-2.7.18-150000.83.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.83.1.noarch"
},
"product_reference": "python-doc-pdf-2.7.18-150000.83.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gdbm-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-gdbm-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-idle-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-idle-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-idle-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idle-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-idle-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-tk-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-tk-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-tk-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tk-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-tk-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.aarch64"
},
"product_reference": "python-xml-2.7.18-150000.83.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.ppc64le"
},
"product_reference": "python-xml-2.7.18-150000.83.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.s390x"
},
"product_reference": "python-xml-2.7.18-150000.83.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-xml-2.7.18-150000.83.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.x86_64"
},
"product_reference": "python-xml-2.7.18-150000.83.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8194"
}
],
"notes": [
{
"category": "general",
"text": "There is a defect in the CPython \"tarfile\" module affecting the \"TarFile\" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \"tarfile\" module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-doc-2.7.18-150000.83.1.noarch",
"openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.83.1.noarch",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8194",
"url": "https://www.suse.com/security/cve/CVE-2025-8194"
},
{
"category": "external",
"summary": "SUSE Bug 1247249 for CVE-2025-8194",
"url": "https://bugzilla.suse.com/1247249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-doc-2.7.18-150000.83.1.noarch",
"openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.83.1.noarch",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-base-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-curses-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-gdbm-2.7.18-150000.83.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:python-xml-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-base-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-curses-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-demo-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-devel-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-doc-2.7.18-150000.83.1.noarch",
"openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.83.1.noarch",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-gdbm-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-idle-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-tk-2.7.18-150000.83.1.x86_64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.aarch64",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.ppc64le",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.s390x",
"openSUSE Leap 15.6:python-xml-2.7.18-150000.83.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-05T09:32:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-8194"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user who reported the sighting.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user who reported the sighting expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.