Main Vulnerability Database SB2025021405

SB2025021405 - SUSE update for python312

Published: February 14, 2025

Security Bulletin ID SB2025021405

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2024-12254)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in asyncio._SelectorSocketTransport.writelines(). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2025-0938)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to urllib.parse.urlsplit and urlparse accept domain names with square brackets. A remote attacker can pass specially crafted input to the application and bypass implemented security restrictions.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20250521-1/

Vulnerable Software

Python 3 Module: 15-SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
python312-base-64bit: before 3.12.9-150600.3.18.1
python312-64bit-debuginfo: before 3.12.9-150600.3.18.1
libpython3_12-1_0-64bit: before 3.12.9-150600.3.18.1
python312-64bit: before 3.12.9-150600.3.18.1
libpython3_12-1_0-64bit-debuginfo: before 3.12.9-150600.3.18.1
python312-base-64bit-debuginfo: before 3.12.9-150600.3.18.1
python312-32bit-debuginfo: before 3.12.9-150600.3.18.1
libpython3_12-1_0-32bit: before 3.12.9-150600.3.18.1
python312-base-32bit-debuginfo: before 3.12.9-150600.3.18.1
libpython3_12-1_0-32bit-debuginfo: before 3.12.9-150600.3.18.1
python312-base-32bit: before 3.12.9-150600.3.18.1
python312-32bit: before 3.12.9-150600.3.18.1
python312-tools: before 3.12.9-150600.3.18.1
python312-core-debugsource: before 3.12.9-150600.3.18.1
python312-dbm-debuginfo: before 3.12.9-150600.3.18.1
python312-devel: before 3.12.9-150600.3.18.1
python312: before 3.12.9-150600.3.18.1
python312-doc: before 3.12.9-150600.3.18.1
python312-curses-debuginfo: before 3.12.9-150600.3.18.1
python312-dbm: before 3.12.9-150600.3.18.1
python312-testsuite-debuginfo: before 3.12.9-150600.3.18.1
python312-testsuite: before 3.12.9-150600.3.18.1
python312-base-debuginfo: before 3.12.9-150600.3.18.1
libpython3_12-1_0: before 3.12.9-150600.3.18.1
python312-debuginfo: before 3.12.9-150600.3.18.1
python312-tk-debuginfo: before 3.12.9-150600.3.18.1
python312-doc-devhelp: before 3.12.9-150600.3.18.1
python312-base: before 3.12.9-150600.3.18.1
python312-idle: before 3.12.9-150600.3.18.1
python312-debugsource: before 3.12.9-150600.3.18.1
python312-curses: before 3.12.9-150600.3.18.1
python312-tk: before 3.12.9-150600.3.18.1
libpython3_12-1_0-debuginfo: before 3.12.9-150600.3.18.1

SB2025021405 - SUSE update for python312

Breakdown by Severity

Description

Remediation

References

Please verify you're human