Security update for python-pycares SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03354-1 Final 1 1 2025-09-25T13:29:37Z current 2025-09-25T13:29:37Z 2025-09-25T13:29:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-pycares This update for python-pycares fixes the following issues: Update to version 4.10.0 (jsc#PED-13442): - CVE-2025-48945: Fixed use-after-free vulnerability may have led to a crash (bsc#1244691). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3354,SUSE-SLE-Module-Python3-15-SP6-2025-3354,SUSE-SLE-Module-Python3-15-SP7-2025-3354,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3354,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3354,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3354,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3354,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3354,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3354,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3354,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3354,openSUSE-SLE-15.6-2025-3354 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503354-1/ Link for SUSE-SU-2025:03354-1 https://lists.suse.com/pipermail/sle-security-updates/2025-September/022640.html E-Mail link for SUSE-SU-2025:03354-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1244691 SUSE Bug 1244691 https://www.suse.com/security/cve/CVE-2025-48945/ SUSE CVE CVE-2025-48945 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 openSUSE Leap 15.6 python311-pycares-4.10.0-150400.9.8.1 python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP7 python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python311-pycares-4.10.0-150400.9.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 python311-pycares-4.10.0-150400.9.8.1 as a component of openSUSE Leap 15.6 pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism. CVE-2025-48945 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pycares-4.10.0-150400.9.8.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pycares-4.10.0-150400.9.8.1 openSUSE Leap 15.6:python311-pycares-4.10.0-150400.9.8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503354-1/ https://www.suse.com/security/cve/CVE-2025-48945.html CVE-2025-48945 https://bugzilla.suse.com/1244691 SUSE Bug 1244691