SUSE-SU-2026:0210-1

CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory (bsc#1244060)
CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750)
CVE-2024-12718: Fixed bypass extraction filter to modify file metadata outside extraction directory (bsc#1244056)
CVE-2025-4138: Fixed symlinking targets to not point outside the destination directory, and the modification of some file metadata (bsc#1244059)
CVE-2025-4435: Fixed tarfile extracting filtered members when errorlevel=0 (bsc#1244061)

Other fixes:

Fixed two shebangs with /usr/local/bin/python

References

Affected packages

SUSE:Linux Enterprise Server 12 SP5-LTSS

python3

Package

Name: python3
Purl: pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.10-25.169.1

Ecosystem specific

{
    "binaries": [
        {
            "libpython3_4m1_0-32bit": "3.4.10-25.169.1",
            "libpython3_4m1_0": "3.4.10-25.169.1",
            "python3-base": "3.4.10-25.169.1",
            "python3-curses": "3.4.10-25.169.1",
            "python3-devel": "3.4.10-25.169.1",
            "python3-tk": "3.4.10-25.169.1",
            "python3": "3.4.10-25.169.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0210-1.json"

python3-base

Package

Name: python3-base
Purl: pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.10-25.169.1

Ecosystem specific

{
    "binaries": [
        {
            "libpython3_4m1_0-32bit": "3.4.10-25.169.1",
            "libpython3_4m1_0": "3.4.10-25.169.1",
            "python3-base": "3.4.10-25.169.1",
            "python3-curses": "3.4.10-25.169.1",
            "python3-devel": "3.4.10-25.169.1",
            "python3-tk": "3.4.10-25.169.1",
            "python3": "3.4.10-25.169.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0210-1.json"

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5

python3

Package

Name: python3
Purl: pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.10-25.169.1

Ecosystem specific

{
    "binaries": [
        {
            "libpython3_4m1_0-32bit": "3.4.10-25.169.1",
            "libpython3_4m1_0": "3.4.10-25.169.1",
            "python3-base": "3.4.10-25.169.1",
            "python3-curses": "3.4.10-25.169.1",
            "python3-devel": "3.4.10-25.169.1",
            "python3-tk": "3.4.10-25.169.1",
            "python3": "3.4.10-25.169.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0210-1.json"

python3-base

Package

Name: python3-base
Purl: pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.10-25.169.1

Ecosystem specific

{
    "binaries": [
        {
            "libpython3_4m1_0-32bit": "3.4.10-25.169.1",
            "libpython3_4m1_0": "3.4.10-25.169.1",
            "python3-base": "3.4.10-25.169.1",
            "python3-curses": "3.4.10-25.169.1",
            "python3-devel": "3.4.10-25.169.1",
            "python3-tk": "3.4.10-25.169.1",
            "python3": "3.4.10-25.169.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0210-1.json"