Red Hat Security Advisory: python39:3.9 security update
🔗 CVE IDs covered (12)
📋 Description
CVE-2024-5642 — python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-9287 — python: Virtual environment (venv) activation scripts don't quote paths CVE-2024-11168 — python: Improper validation of IPv6 and IPvFuture addresses CVE-2025-0938 — python: cpython: URL parser allowed square brackets in domain names CVE-2025-4138 — cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory CVE-2025-4330 — cpython: python: Extraction filter bypass for linking outside extraction directory CVE-2025-4435 — cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4516 — cpython: python: CPython DecodeError Handling Vulnerability CVE-2025-4517 — python: cpython: Arbitrary writes via tarfile realpath overflow CVE-2025-6069 — cpython: Python HTMLParser quadratic complexity CVE-2025-6075 — python: Quadratic complexity in os.path.expandvars() with user-controlled template CVE-2025-8291 — cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2025:23530
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2294682
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2321440
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2325776
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2343237
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2366509
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2370010
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2370014
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2370016
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2372426
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2373234
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2402342
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2408891
- externalhttps://issues.redhat.com/browse/RHEL-128539
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23530.json