SUSE-SU-2025:4277-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20254277-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4277-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:4277-1
Upstream
Related
Published
2025-11-27T13:13:43Z
Modified
2026-03-11T07:31:05.125365Z
Summary
Security update for python313
Details

This update for python313 fixes the following issues:

Update to 3.13.9:

  • CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974)
  • CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305)

Other fixes:

  • Fix readline history truncation when length is reduced
  • Fixing reproducible build for python-nogil (bsc#1244680)
References

Affected packages

SUSE:Linux Enterprise Module for Python 3 15 SP7 / python313

Package

Name
python313
Purl
pkg:rpm/suse/python313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.9-150700.4.26.1

Ecosystem specific 

{
    "binaries": [
        {
            "python313-tools": "3.13.9-150700.4.26.1",
            "python313": "3.13.9-150700.4.26.1",
            "python313-devel": "3.13.9-150700.4.26.1",
            "python313-idle": "3.13.9-150700.4.26.1",
            "libpython3_13-1_0": "3.13.9-150700.4.26.1",
            "python313-curses": "3.13.9-150700.4.26.1",
            "python313-base": "3.13.9-150700.4.26.1",
            "python313-dbm": "3.13.9-150700.4.26.1",
            "python313-tk": "3.13.9-150700.4.26.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4277-1.json"

SUSE:Linux Enterprise Module for Python 3 15 SP7 / python313-core

Package

Name
python313-core
Purl
pkg:rpm/suse/python313-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.9-150700.4.26.1

Ecosystem specific 

{
    "binaries": [
        {
            "python313-tools": "3.13.9-150700.4.26.1",
            "python313": "3.13.9-150700.4.26.1",
            "python313-devel": "3.13.9-150700.4.26.1",
            "python313-idle": "3.13.9-150700.4.26.1",
            "libpython3_13-1_0": "3.13.9-150700.4.26.1",
            "python313-curses": "3.13.9-150700.4.26.1",
            "python313-base": "3.13.9-150700.4.26.1",
            "python313-dbm": "3.13.9-150700.4.26.1",
            "python313-tk": "3.13.9-150700.4.26.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4277-1.json"