Security update for python-uv SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20330-1 Final 1 1 2026-03-06T14:43:28Z current 2026-03-06T14:43:28Z 2026-03-06T14:43:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-uv This update for python-uv fixes the following issue: - CVE-2025-13327: parsing differentials when processing specially crafted ZIP archives during package installation can lead to arbitrary code execution (bsc#1258993). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-363 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1258993 SUSE Bug 1258993 https://www.suse.com/security/cve/CVE-2025-13327/ SUSE CVE CVE-2025-13327 page openSUSE Leap 16.0 python313-uv-0.7.18-160000.4.1 python313-uv-bash-completion-0.7.18-160000.4.1 python313-uv-fish-completion-0.7.18-160000.4.1 python313-uv-zsh-completion-0.7.18-160000.4.1 python313-uv-0.7.18-160000.4.1 as a component of openSUSE Leap 16.0 python313-uv-bash-completion-0.7.18-160000.4.1 as a component of openSUSE Leap 16.0 python313-uv-fish-completion-0.7.18-160000.4.1 as a component of openSUSE Leap 16.0 python313-uv-zsh-completion-0.7.18-160000.4.1 as a component of openSUSE Leap 16.0 A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. CVE-2025-13327 openSUSE Leap 16.0:python313-uv-0.7.18-160000.4.1 openSUSE Leap 16.0:python313-uv-bash-completion-0.7.18-160000.4.1 openSUSE Leap 16.0:python313-uv-fish-completion-0.7.18-160000.4.1 openSUSE Leap 16.0:python313-uv-zsh-completion-0.7.18-160000.4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-13327.html CVE-2025-13327 https://bugzilla.suse.com/1258993 SUSE Bug 1258993