SB20250828107 - Red Hat Enterprise Linux 8 update for the python39:3.9 module

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250828107

SB20250828107 - Red Hat Enterprise Linux 8 update for the python39:3.9 module

Published: August 28, 2025

Security Bulletin ID SB20250828107
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2025-47273)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.


2) Infinite loop (CVE-ID: CVE-2025-8194)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the “tarfile” module when handling tar archives with negative offsets. A remote attacker can pass a specially crafted tar archive to the application and consume all available system resources, resulting in a deadlock and a denial of service. 


Remediation

Install update from vendor's website.

References