Updated python3 packages fix security vulnerabilities
Publication date: 12 Nov 2025
Modification date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-0938, CVE-2025-1795, CVE-2024-9287, CVE-2025-4516, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517, CVE-2025-8194
Description
URL parser allowed square brackets in domain names. (CVE-2025-0938)
Mishandling of comma during folding and unicode-encoding of email
headers. (CVE-2025-1795)
Virtual environment (venv) activation scripts don't quote paths.
(CVE-2024-9287)
Use-after-free in "unicode_escape" decoder with error handler.
(CVE-2025-4516)
Bypass extraction filter to modify file metadata outside extraction
directory. (CVE-2024-12718)
Bypassing extraction filter to create symlinks to arbitrary targets
outside extraction directory. (CVE-2025-4138)
Extraction filter bypass for linking outside extraction directory.
(CVE-2025-4330)
Tarfile extracts filtered members when errorlevel=0. (CVE-2025-4435)
Arbitrary writes via tarfile realpath overflow. (CVE-2025-4517)
Tarfile infinite loop during parsing with negative member offset.
(CVE-2025-8194)
References
- https://bugs.mageia.org/show_bug.cgi?id=34285
- https://bugs.mageia.org/show_bug.cgi?id=34007
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FRAYUVWW2DYX7RTRPVFLFADRHABRVQN/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NNC4GZYGFZ76A7NUZ5BG2CMGVR32LXCG/
- https://ubuntu.com/security/notices/USN-7488-1
- https://www.openwall.com/lists/oss-security/2025/05/16/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUW6UXZQE7B4PPK3PK3NZAWP5PVOU5L3/
- https://www.openwall.com/lists/oss-security/2025/06/24/1
- https://www.openwall.com/lists/oss-security/2025/07/28/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12718
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4435
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194
SRPMS
9/core
- python3-3.10.18-1.4.mga9