{"affected":[{"ecosystem_specific":{"binaries":[{"libpython3_11-1_0":"3.11.13-slfo.1.1_1.1","python311":"3.11.13-slfo.1.1_1.1","python311-base":"3.11.13-slfo.1.1_1.1","python311-curses":"3.11.13-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"python311","purl":"pkg:rpm/suse/python311&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.13-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpython3_11-1_0":"3.11.13-slfo.1.1_1.1","python311":"3.11.13-slfo.1.1_1.1","python311-base":"3.11.13-slfo.1.1_1.1","python311-curses":"3.11.13-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"python311-core","purl":"pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.13-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python311 fixes the following issues:\n\n- CVE-2025-6069: Avoid worst case quadratic complexity when processing\n  certain crafted malformed inputs with HTMLParser (bsc#1244705).\n\nUpdate to 3.11.13:\n\n  - Security\n\n    - gh-135034: Fixes multiple issues that allowed tarfile\n      extraction filters (filter=\"data\" and filter=\"tar\")\n      to be bypassed using crafted symlinks and hard links.\n      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138\n      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and\n      CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435\n      (gh#135034, bsc#1244061).\n    - gh-133767: Fix use-after-free in the “unicode-escape”\n      decoder with a non-“strict” error handler (CVE-2025-4516,\n      bsc#1243273).\n    - gh-128840: Short-circuit the processing of long IPv6\n      addresses early in ipaddress to prevent excessive memory\n      consumption and a minor denial-of-service.\n\n  - Library\n\n    - gh-128840: Fix parsing long IPv6 addresses with embedded\n      IPv4 address.\n    - gh-134062: ipaddress: fix collisions in __hash__() for\n      IPv4Network and IPv6Network objects.\n    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output\n      according to RFC 3596, §2.5. Patch by Bénédikt Tran.\n    - bpo-43633: Improve the textual representation of\n      IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)\n      in ipaddress. Patch by Oleksandr Pavliuk.\n","id":"SUSE-SU-2025:20539-1","modified":"2025-08-01T10:21:35Z","published":"2025-08-01T10:21:35Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520539-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243273"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244032"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244056"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244059"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244060"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244061"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-12718"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4330"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-6069"}],"related":["CVE-2024-12718","CVE-2025-4138","CVE-2025-4330","CVE-2025-4435","CVE-2025-4516","CVE-2025-4517","CVE-2025-6069"],"summary":"Security update for python311","upstream":["CVE-2024-12718","CVE-2025-4138","CVE-2025-4330","CVE-2025-4435","CVE-2025-4516","CVE-2025-4517","CVE-2025-6069"]}