SB2026010624 - Red Hat Enterprise Linux 8 update for python3.12 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026010624

SB2026010624 - Red Hat Enterprise Linux 8 update for python3.12

Published: January 6, 2026

Security Bulletin ID SB2026010624
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2025-8291)

The vulnerability allows a remote attacker to extract files into arbitrary locations on the system.

The vulnerability exists due to the zipfile module does not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value when extracting files. A remote attacker can use a specially crafted zip file to extract data into arbitrary locations on the system.


2) Inefficient algorithmic complexity (CVE-ID: CVE-2025-12084)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to usage of a quadratic algorithm when building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(). A remote attacker can force the application to create excessively nested documents, leading to a denial of service condition. 


Remediation

Install update from vendor's website.

References