python313-3.13.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16350 Final 1 1 2025-07-03T00:00:00Z current 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python313-3.13.5-2.1 on GA media These are all security issues fixed in the python313-3.13.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16350 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-12718/ SUSE CVE CVE-2024-12718 page https://www.suse.com/security/cve/CVE-2025-4330/ SUSE CVE CVE-2025-4330 page https://www.suse.com/security/cve/CVE-2025-4517/ SUSE CVE CVE-2025-4517 page openSUSE Tumbleweed python313-3.13.5-2.1 python313-32bit-3.13.5-2.1 python313-curses-3.13.5-2.1 python313-dbm-3.13.5-2.1 python313-idle-3.13.5-2.1 python313-tk-3.13.5-2.1 python313-x86-64-v3-3.13.5-2.1 python313-3.13.5-2.1 as a component of openSUSE Tumbleweed python313-32bit-3.13.5-2.1 as a component of openSUSE Tumbleweed python313-curses-3.13.5-2.1 as a component of openSUSE Tumbleweed python313-dbm-3.13.5-2.1 as a component of openSUSE Tumbleweed python313-idle-3.13.5-2.1 as a component of openSUSE Tumbleweed python313-tk-3.13.5-2.1 as a component of openSUSE Tumbleweed python313-x86-64-v3-3.13.5-2.1 as a component of openSUSE Tumbleweed Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2024-12718 openSUSE Tumbleweed:python313-3.13.5-2.1 openSUSE Tumbleweed:python313-32bit-3.13.5-2.1 openSUSE Tumbleweed:python313-curses-3.13.5-2.1 openSUSE Tumbleweed:python313-dbm-3.13.5-2.1 openSUSE Tumbleweed:python313-idle-3.13.5-2.1 openSUSE Tumbleweed:python313-tk-3.13.5-2.1 openSUSE Tumbleweed:python313-x86-64-v3-3.13.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-12718.html CVE-2024-12718 https://bugzilla.suse.com/1244056 SUSE Bug 1244056 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2025-4330 openSUSE Tumbleweed:python313-3.13.5-2.1 openSUSE Tumbleweed:python313-32bit-3.13.5-2.1 openSUSE Tumbleweed:python313-curses-3.13.5-2.1 openSUSE Tumbleweed:python313-dbm-3.13.5-2.1 openSUSE Tumbleweed:python313-idle-3.13.5-2.1 openSUSE Tumbleweed:python313-tk-3.13.5-2.1 openSUSE Tumbleweed:python313-x86-64-v3-3.13.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-4330.html CVE-2025-4330 https://bugzilla.suse.com/1244060 SUSE Bug 1244060 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2025-4517 openSUSE Tumbleweed:python313-3.13.5-2.1 openSUSE Tumbleweed:python313-32bit-3.13.5-2.1 openSUSE Tumbleweed:python313-curses-3.13.5-2.1 openSUSE Tumbleweed:python313-dbm-3.13.5-2.1 openSUSE Tumbleweed:python313-idle-3.13.5-2.1 openSUSE Tumbleweed:python313-tk-3.13.5-2.1 openSUSE Tumbleweed:python313-x86-64-v3-3.13.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-4517.html CVE-2025-4517 https://bugzilla.suse.com/1244032 SUSE Bug 1244032