Security update for python312

Announcement ID:	SUSE-SU-2025:02048-1
Release Date:	2025-06-20T12:40:50Z
Rating:	important
References:	bsc#1243273 bsc#1244032 bsc#1244056 bsc#1244059 bsc#1244060
Cross-References:	CVE-2024-12718 CVE-2025-4138 CVE-2025-4330 CVE-2025-4516 CVE-2025-4517
CVSS scores:	CVE-2024-12718 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2024-12718 ( NVD ): 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-12718 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-4138 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2025-4138 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2025-4330 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2025-4330 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2025-4516 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-4516 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-4516 ( NVD ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-4517 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-4517 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-4517 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products:	openSUSE Leap 15.6 Python 3 Module 15-SP6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

Description:

This update for python312 fixes the following issues:

python312 was updated from version 3.12.9 to 3.12.11:

• Security issues fixed:

• CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273)

• CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile extraction filters to be bypassed using crafted symlinks and hard links (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032)

• Other changes and bugs fixed:

• Added --single-process option to the Python test runner (regrtest).

• Added support for text/x-rst MIME type.
• Corrected issues in various modules.
• Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an email message using a modern email policy.
• Fixed f-string handling of lambda expressions with non-ASCII characters.
• Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596.
• Fixed parsing long IPv6 addresses with embedded IPv4 address.
• Fixed resource leaks in gzip and multiprocessing Resource Tracker.
• Improved IDLE's documentation display.
• Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress.
• ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects
• Made from future import barry_as_FLUFL work in more contexts.
• Resolved potential crashes in contextvars, xml.etree.ElementTree, sqlite3, and the sys module.
• Scheduled deprecation of the check_home argument in sysconfig.is_python_build() for Python 3.15.
• Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service.
• Undeprecated functional API for importlib.resources and added Anchor.
• Updated bundled libexpat to 2.7.1
• Updated bundled pip to version 25.0.1.
• Updated documentation for generic classes, wheel tags, and the C API.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-2048=1 openSUSE-SLE-15.6-2025-2048=1
• Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-2048=1

Package List:

• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  • python312-devel-3.12.11-150600.3.30.1
  • python312-base-3.12.11-150600.3.30.1
  • python312-tk-3.12.11-150600.3.30.1
  • libpython3_12-1_0-debuginfo-3.12.11-150600.3.30.1
  • python312-idle-3.12.11-150600.3.30.1
  • python312-dbm-debuginfo-3.12.11-150600.3.30.1
  • python312-debuginfo-3.12.11-150600.3.30.1
  • python312-3.12.11-150600.3.30.1
  • python312-curses-debuginfo-3.12.11-150600.3.30.1
  • libpython3_12-1_0-3.12.11-150600.3.30.1
  • python312-testsuite-3.12.11-150600.3.30.1
  • python312-base-debuginfo-3.12.11-150600.3.30.1
  • python312-debugsource-3.12.11-150600.3.30.1
  • python312-doc-devhelp-3.12.11-150600.3.30.1
  • python312-tk-debuginfo-3.12.11-150600.3.30.1
  • python312-testsuite-debuginfo-3.12.11-150600.3.30.1
  • python312-curses-3.12.11-150600.3.30.1
  • python312-tools-3.12.11-150600.3.30.1
  • python312-doc-3.12.11-150600.3.30.1
  • python312-core-debugsource-3.12.11-150600.3.30.1
  • python312-dbm-3.12.11-150600.3.30.1
• openSUSE Leap 15.6 (x86_64)
  • libpython3_12-1_0-32bit-debuginfo-3.12.11-150600.3.30.1
  • python312-base-32bit-debuginfo-3.12.11-150600.3.30.1
  • libpython3_12-1_0-32bit-3.12.11-150600.3.30.1
  • python312-base-32bit-3.12.11-150600.3.30.1
  • python312-32bit-debuginfo-3.12.11-150600.3.30.1
  • python312-32bit-3.12.11-150600.3.30.1
• openSUSE Leap 15.6 (aarch64_ilp32)
  • python312-64bit-3.12.11-150600.3.30.1
  • python312-base-64bit-3.12.11-150600.3.30.1
  • python312-64bit-debuginfo-3.12.11-150600.3.30.1
  • libpython3_12-1_0-64bit-3.12.11-150600.3.30.1
  • libpython3_12-1_0-64bit-debuginfo-3.12.11-150600.3.30.1
  • python312-base-64bit-debuginfo-3.12.11-150600.3.30.1
• Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  • python312-tools-3.12.11-150600.3.30.1
  • python312-curses-debuginfo-3.12.11-150600.3.30.1
  • libpython3_12-1_0-3.12.11-150600.3.30.1
  • python312-debugsource-3.12.11-150600.3.30.1
  • python312-devel-3.12.11-150600.3.30.1
  • python312-base-3.12.11-150600.3.30.1
  • python312-core-debugsource-3.12.11-150600.3.30.1
  • python312-tk-debuginfo-3.12.11-150600.3.30.1
  • python312-tk-3.12.11-150600.3.30.1
  • libpython3_12-1_0-debuginfo-3.12.11-150600.3.30.1
  • python312-debuginfo-3.12.11-150600.3.30.1
  • python312-idle-3.12.11-150600.3.30.1
  • python312-dbm-debuginfo-3.12.11-150600.3.30.1
  • python312-base-debuginfo-3.12.11-150600.3.30.1
  • python312-curses-3.12.11-150600.3.30.1
  • python312-dbm-3.12.11-150600.3.30.1
  • python312-3.12.11-150600.3.30.1

References:

• https://www.suse.com/security/cve/CVE-2024-12718.html
• https://www.suse.com/security/cve/CVE-2025-4138.html
• https://www.suse.com/security/cve/CVE-2025-4330.html
• https://www.suse.com/security/cve/CVE-2025-4516.html
• https://www.suse.com/security/cve/CVE-2025-4517.html
• https://bugzilla.suse.com/show_bug.cgi?id=1243273
• https://bugzilla.suse.com/show_bug.cgi?id=1244032
• https://bugzilla.suse.com/show_bug.cgi?id=1244056
• https://bugzilla.suse.com/show_bug.cgi?id=1244059
• https://bugzilla.suse.com/show_bug.cgi?id=1244060