SUSE-CU-2025:4651-1: Security update of bci/python

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Jun 21 07:11:49 UTC 2025 

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4651-1
Container Tags        : bci/python:3 , bci/python:3.12 , bci/python:3.12.11 , bci/python:3.12.11-69.3
Container Release     : 69.3
Severity              : important
Type                  : security
References            : 1243273 1244032 1244056 1244059 1244060 CVE-2024-12718 CVE-2025-4138
                        CVE-2025-4330 CVE-2025-4516 CVE-2025-4517 
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2048-1
Released:    Fri Jun 20 14:40:37 2025
Summary:     Security update for python312
Type:        security
Severity:    important
References:  1243273,1244032,1244056,1244059,1244060,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4516,CVE-2025-4517
This update for python312 fixes the following issues:

python312 was updated from version 3.12.9 to 3.12.11:

- Security issues fixed:

  * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273)
  * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile 
    extraction filters to be bypassed using crafted symlinks and hard links
    (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032)

- Other changes and bugs fixed:

  * Added --single-process option to the Python test runner (regrtest).
  * Added support for text/x-rst MIME type.
  * Corrected issues in various modules.
  * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an
    email message using a modern email policy.
  * Fixed f-string handling of lambda expressions with non-ASCII characters.
  * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596.
  * Fixed parsing long IPv6 addresses with embedded IPv4 address.
  * Fixed resource leaks in gzip and multiprocessing Resource Tracker.
  * Improved IDLE's documentation display.
  * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress.
  * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects
  * Made from __future__ import barry_as_FLUFL work in more contexts.
  * Resolved potential crashes in contextvars, xml.etree.ElementTree, sqlite3, and the sys module.
  * Scheduled deprecation of the check_home argument in sysconfig.is_python_build() for Python 3.15.
  * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor
    denial-of-service.
  * Undeprecated functional API for importlib.resources and added Anchor.
  * Updated bundled libexpat to 2.7.1
  * Updated bundled pip to version 25.0.1.
  * Updated documentation for generic classes, wheel tags, and the C API.


The following package changes have been done:

- libpython3_12-1_0-3.12.11-150600.3.30.1 updated
- python312-base-3.12.11-150600.3.30.1 updated
- python312-3.12.11-150600.3.30.1 updated
- python312-devel-3.12.11-150600.3.30.1 updated

More information about the sle-container-updates mailing list