Risk | High |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4516, CVE-2025-4517 |
CWE-ID | CWE-22, CWE-59, CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Operating systems: SUSE Linux Enterprise Server 15 SP5, SUSE Linux Enterprise Server 15 SP3, openSUSE Leap, SUSE Linux Enterprise Server for SAP Applications 15, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise High Performance Computing LTSS 15, SUSE Linux Enterprise High Performance Computing 15, SUSE Enterprise Storage. Operating system packages or components: python39-base-64bit-debuginfo, libpython3_9-1_0-64bit-debuginfo, python39-64bit, libpython3_9-1_0-64bit, python39-64bit-debuginfo, python39-base-64bit, libpython3_9-1_0-32bit, python39-base-32bit-debuginfo, python39-base-32bit, python39-32bit-debuginfo, libpython3_9-1_0-32bit-debuginfo, python39-32bit, python39-core-debugsource, python39-devel, python39-base-debuginfo, python39-doc-devhelp, python39-tools, python39-curses, python39-tk-debuginfo, python39, python39-dbm-debuginfo, python39-doc, libpython3_9-1_0-debuginfo, python39-base, python39-curses-debuginfo, python39-debugsource, python39-debuginfo, python39-testsuite-debuginfo, python39-testsuite, libpython3_9-1_0, python39-idle, python39-dbm, python39-tk |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU111969
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-12718
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to modify arbitrary files on the system.
The vulnerability exists due to an input validation error in the tarfile module. A remote attacker can pass a specially crafted archive to the application and modify file metadata (e.g. the last-modified time) when extracting with filter="data", or file permissions (chmod) when extracting with filter="tar", for files outside the extraction directory.
Mitigation
Update the affected package python39 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP5
SUSE Linux Enterprise Server 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
python39-base-64bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit: before 3.9.23-150300.4.75.1
python39-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit: before 3.9.23-150300.4.75.1
python39-base-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-32bit: before 3.9.23-150300.4.75.1
python39-32bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-32bit: before 3.9.23-150300.4.75.1
python39-core-debugsource: before 3.9.23-150300.4.75.1
python39-devel: before 3.9.23-150300.4.75.1
python39-base-debuginfo: before 3.9.23-150300.4.75.1
python39-doc-devhelp: before 3.9.23-150300.4.75.1
python39-tools: before 3.9.23-150300.4.75.1
python39-curses: before 3.9.23-150300.4.75.1
python39-tk-debuginfo: before 3.9.23-150300.4.75.1
python39: before 3.9.23-150300.4.75.1
python39-dbm-debuginfo: before 3.9.23-150300.4.75.1
python39-doc: before 3.9.23-150300.4.75.1
libpython3_9-1_0-debuginfo: before 3.9.23-150300.4.75.1
python39-base: before 3.9.23-150300.4.75.1
python39-curses-debuginfo: before 3.9.23-150300.4.75.1
python39-debugsource: before 3.9.23-150300.4.75.1
python39-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite: before 3.9.23-150300.4.75.1
libpython3_9-1_0: before 3.9.23-150300.4.75.1
python39-idle: before 3.9.23-150300.4.75.1
python39-dbm: before 3.9.23-150300.4.75.1
python39-tk: before 3.9.23-150300.4.75.1
https://www.suse.com/support/update/announcement/2025/suse-su-202502050-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU111968
Risk: High
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4138
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory during extraction with filter="data".
Mitigation
Update the affected package python39 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP5
SUSE Linux Enterprise Server 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
python39-base-64bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit: before 3.9.23-150300.4.75.1
python39-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit: before 3.9.23-150300.4.75.1
python39-base-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-32bit: before 3.9.23-150300.4.75.1
python39-32bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-32bit: before 3.9.23-150300.4.75.1
python39-core-debugsource: before 3.9.23-150300.4.75.1
python39-devel: before 3.9.23-150300.4.75.1
python39-base-debuginfo: before 3.9.23-150300.4.75.1
python39-doc-devhelp: before 3.9.23-150300.4.75.1
python39-tools: before 3.9.23-150300.4.75.1
python39-curses: before 3.9.23-150300.4.75.1
python39-tk-debuginfo: before 3.9.23-150300.4.75.1
python39: before 3.9.23-150300.4.75.1
python39-dbm-debuginfo: before 3.9.23-150300.4.75.1
python39-doc: before 3.9.23-150300.4.75.1
libpython3_9-1_0-debuginfo: before 3.9.23-150300.4.75.1
python39-base: before 3.9.23-150300.4.75.1
python39-curses-debuginfo: before 3.9.23-150300.4.75.1
python39-debugsource: before 3.9.23-150300.4.75.1
python39-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite: before 3.9.23-150300.4.75.1
libpython3_9-1_0: before 3.9.23-150300.4.75.1
python39-idle: before 3.9.23-150300.4.75.1
python39-dbm: before 3.9.23-150300.4.75.1
python39-tk: before 3.9.23-150300.4.75.1
https://www.suse.com/support/update/announcement/2025/suse-su-202502050-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU111967
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4330
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an insecure link following issue when extracting data from an archive in the tarfile module. A remote attacker can pass a specially crafted archive to the application and overwrite arbitrary files outside the destination directory.
Mitigation
Update the affected package python39 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP5
SUSE Linux Enterprise Server 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
python39-base-64bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit: before 3.9.23-150300.4.75.1
python39-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit: before 3.9.23-150300.4.75.1
python39-base-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-32bit: before 3.9.23-150300.4.75.1
python39-32bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-32bit: before 3.9.23-150300.4.75.1
python39-core-debugsource: before 3.9.23-150300.4.75.1
python39-devel: before 3.9.23-150300.4.75.1
python39-base-debuginfo: before 3.9.23-150300.4.75.1
python39-doc-devhelp: before 3.9.23-150300.4.75.1
python39-tools: before 3.9.23-150300.4.75.1
python39-curses: before 3.9.23-150300.4.75.1
python39-tk-debuginfo: before 3.9.23-150300.4.75.1
python39: before 3.9.23-150300.4.75.1
python39-dbm-debuginfo: before 3.9.23-150300.4.75.1
python39-doc: before 3.9.23-150300.4.75.1
libpython3_9-1_0-debuginfo: before 3.9.23-150300.4.75.1
python39-base: before 3.9.23-150300.4.75.1
python39-curses-debuginfo: before 3.9.23-150300.4.75.1
python39-debugsource: before 3.9.23-150300.4.75.1
python39-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite: before 3.9.23-150300.4.75.1
libpython3_9-1_0: before 3.9.23-150300.4.75.1
python39-idle: before 3.9.23-150300.4.75.1
python39-dbm: before 3.9.23-150300.4.75.1
python39-tk: before 3.9.23-150300.4.75.1
https://www.suse.com/support/update/announcement/2025/suse-su-202502050-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU112030
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-4516
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when calling bytes.decode("unicode_escape") with errors="ignore" or errors="replace". A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package python39 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP5
SUSE Linux Enterprise Server 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
python39-base-64bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit: before 3.9.23-150300.4.75.1
python39-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit: before 3.9.23-150300.4.75.1
python39-base-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-32bit: before 3.9.23-150300.4.75.1
python39-32bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-32bit: before 3.9.23-150300.4.75.1
python39-core-debugsource: before 3.9.23-150300.4.75.1
python39-devel: before 3.9.23-150300.4.75.1
python39-base-debuginfo: before 3.9.23-150300.4.75.1
python39-doc-devhelp: before 3.9.23-150300.4.75.1
python39-tools: before 3.9.23-150300.4.75.1
python39-curses: before 3.9.23-150300.4.75.1
python39-tk-debuginfo: before 3.9.23-150300.4.75.1
python39: before 3.9.23-150300.4.75.1
python39-dbm-debuginfo: before 3.9.23-150300.4.75.1
python39-doc: before 3.9.23-150300.4.75.1
libpython3_9-1_0-debuginfo: before 3.9.23-150300.4.75.1
python39-base: before 3.9.23-150300.4.75.1
python39-curses-debuginfo: before 3.9.23-150300.4.75.1
python39-debugsource: before 3.9.23-150300.4.75.1
python39-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite: before 3.9.23-150300.4.75.1
libpython3_9-1_0: before 3.9.23-150300.4.75.1
python39-idle: before 3.9.23-150300.4.75.1
python39-dbm: before 3.9.23-150300.4.75.1
python39-tk: before 3.9.23-150300.4.75.1
https://www.suse.com/support/update/announcement/2025/suse-su-202502050-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU111966
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-4517
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an input validation error in the tarfile module when extracting files from an archive with filter="data". A remote attacker can pass a specially crafted archive to the application and write files to arbitrary locations on the system outside the extraction directory.
Mitigation
Update the affected package python39 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP3: LTSS
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP5
SUSE Linux Enterprise Server 15: SP3 - SP5
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP3
SUSE Enterprise Storage: 7.1
python39-base-64bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-64bit: before 3.9.23-150300.4.75.1
python39-64bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-64bit: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit: before 3.9.23-150300.4.75.1
python39-base-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-base-32bit: before 3.9.23-150300.4.75.1
python39-32bit-debuginfo: before 3.9.23-150300.4.75.1
libpython3_9-1_0-32bit-debuginfo: before 3.9.23-150300.4.75.1
python39-32bit: before 3.9.23-150300.4.75.1
python39-core-debugsource: before 3.9.23-150300.4.75.1
python39-devel: before 3.9.23-150300.4.75.1
python39-base-debuginfo: before 3.9.23-150300.4.75.1
python39-doc-devhelp: before 3.9.23-150300.4.75.1
python39-tools: before 3.9.23-150300.4.75.1
python39-curses: before 3.9.23-150300.4.75.1
python39-tk-debuginfo: before 3.9.23-150300.4.75.1
python39: before 3.9.23-150300.4.75.1
python39-dbm-debuginfo: before 3.9.23-150300.4.75.1
python39-doc: before 3.9.23-150300.4.75.1
libpython3_9-1_0-debuginfo: before 3.9.23-150300.4.75.1
python39-base: before 3.9.23-150300.4.75.1
python39-curses-debuginfo: before 3.9.23-150300.4.75.1
python39-debugsource: before 3.9.23-150300.4.75.1
python39-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite-debuginfo: before 3.9.23-150300.4.75.1
python39-testsuite: before 3.9.23-150300.4.75.1
libpython3_9-1_0: before 3.9.23-150300.4.75.1
python39-idle: before 3.9.23-150300.4.75.1
python39-dbm: before 3.9.23-150300.4.75.1
python39-tk: before 3.9.23-150300.4.75.1
https://www.suse.com/support/update/announcement/2025/suse-su-202502050-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
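A defence-in-depth check for the four tarfile issues above (CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517), as an added example that is not part of this bulletin or of the python39 package: it reads archive headers without extracting anything and flags members whose names or link targets leave the destination directory or pass through a link declared in the same archive. The function names and the in-memory sample archive are constructed for illustration; the check complements the update and does not replace it.

```python
import io
import posixpath
import tarfile


def _escapes(path):
    """True if the path, normalised lexically, is absolute or climbs above its root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")


def _via_link(path, links):
    """True if any leading directory component of path is a link declared in the archive."""
    parts = posixpath.normpath(path).split("/")
    return any("/".join(parts[:i]) in links for i in range(1, len(parts)))


def audit_tar(fileobj):
    """Read headers only (nothing is extracted) and return (member, reason) findings."""
    findings, links = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if _escapes(m.name):
                findings.append((m.name, "name leaves the extraction directory"))
            elif _via_link(name, links):
                findings.append((m.name, "name passes through an archived link"))
            if m.issym() or m.islnk():
                # Symlink targets are relative to the link's own directory,
                # hard-link targets to the archive root.
                base = posixpath.dirname(name) if m.issym() else ""
                target = posixpath.join(base, m.linkname)
                if _escapes(target):
                    findings.append((m.name, "link target leaves the extraction directory"))
                elif posixpath.normpath(target) in links or _via_link(target, links):
                    findings.append((m.name, "link target resolves through an archived link"))
                links.add(name)
    return findings


def build_sample():
    """Constructed in-memory archive: one benign file plus four entries the audit flags."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link in [
            ("docs/readme.txt", tarfile.REGTYPE, ""),
            ("docs/cfg", tarfile.SYMTYPE, "../../outside"),
            ("docs/cfg/x", tarfile.REGTYPE, ""),
            ("../up.txt", tarfile.REGTYPE, ""),
            ("hl", tarfile.LNKTYPE, "/abs/placeholder"),
        ]:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, link
            tar.addfile(info)  # header only; all sample members are empty
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, reason in audit_tar(build_sample()):
        print(f"{member}: {reason}")
```

Rejecting every flagged archive before calling extractall() is stricter than the built-in filters, so legitimate archives that contain internal symlinks will also be refused.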