Security update for python312 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0521-1 Final 1 1 2025-02-13T16:11:00Z current 2025-02-13T16:11:00Z 2025-02-13T16:11:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python312 This update for python312 fixes the following issues: - CVE-2025-0938: Functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets (bsc#1236705). - CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290). Other bugfixes: - Position of SUSE Python interpreters on Externally managed environments (bsc#1228165). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/python:latest-2025-521,SUSE-2025-521,SUSE-SLE-Module-Python3-15-SP6-2025-521,openSUSE-SLE-15.6-2025-521 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250521-1/ Link for SUSE-SU-2025:0521-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020339.html E-Mail link for SUSE-SU-2025:0521-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228165 SUSE Bug 1228165 https://bugzilla.suse.com/1234290 SUSE Bug 1234290 https://bugzilla.suse.com/1236705 SUSE Bug 1236705 https://www.suse.com/security/cve/CVE-2024-12254/ SUSE CVE CVE-2024-12254 page https://www.suse.com/security/cve/CVE-2025-0938/ SUSE CVE CVE-2025-0938 page Container bci/python:latest SUSE Linux Enterprise Module for Python 3 15 SP6 openSUSE Leap 15.6 libpython3_12-1_0-3.12.9-150600.3.18.1 python312-3.12.9-150600.3.18.1 python312-base-3.12.9-150600.3.18.1 python312-devel-3.12.9-150600.3.18.1 libpython3_12-1_0-32bit-3.12.9-150600.3.18.1 libpython3_12-1_0-64bit-3.12.9-150600.3.18.1 python312-32bit-3.12.9-150600.3.18.1 python312-64bit-3.12.9-150600.3.18.1 python312-base-32bit-3.12.9-150600.3.18.1 python312-base-64bit-3.12.9-150600.3.18.1 python312-curses-3.12.9-150600.3.18.1 python312-dbm-3.12.9-150600.3.18.1 python312-doc-3.12.9-150600.3.18.1 python312-doc-devhelp-3.12.9-150600.3.18.1 python312-idle-3.12.9-150600.3.18.1 python312-testsuite-3.12.9-150600.3.18.1 python312-tk-3.12.9-150600.3.18.1 python312-tools-3.12.9-150600.3.18.1 libpython3_12-1_0-3.12.9-150600.3.18.1 as a component of Container bci/python:latest python312-3.12.9-150600.3.18.1 as a component of Container bci/python:latest python312-base-3.12.9-150600.3.18.1 as a component of Container bci/python:latest python312-devel-3.12.9-150600.3.18.1 as a component of Container bci/python:latest libpython3_12-1_0-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-base-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-curses-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-dbm-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-devel-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-idle-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-tk-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python312-tools-3.12.9-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 libpython3_12-1_0-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 libpython3_12-1_0-32bit-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-32bit-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-base-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-base-32bit-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-curses-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-dbm-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-devel-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-doc-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-doc-devhelp-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-idle-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-testsuite-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-tk-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 python312-tools-3.12.9-150600.3.18.1 as a component of openSUSE Leap 15.6 Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. CVE-2024-12254 Container bci/python:latest:libpython3_12-1_0-3.12.9-150600.3.18.1 Container bci/python:latest:python312-3.12.9-150600.3.18.1 Container bci/python:latest:python312-base-3.12.9-150600.3.18.1 Container bci/python:latest:python312-devel-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.9-150600.3.18.1 openSUSE Leap 15.6:libpython3_12-1_0-3.12.9-150600.3.18.1 openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-32bit-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-base-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-base-32bit-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-curses-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-dbm-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-devel-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-doc-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-doc-devhelp-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-idle-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-testsuite-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-tk-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-tools-3.12.9-150600.3.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250521-1/ https://www.suse.com/security/cve/CVE-2024-12254.html CVE-2024-12254 https://bugzilla.suse.com/1234290 SUSE Bug 1234290 The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers. CVE-2025-0938 Container bci/python:latest:libpython3_12-1_0-3.12.9-150600.3.18.1 Container bci/python:latest:python312-3.12.9-150600.3.18.1 Container bci/python:latest:python312-base-3.12.9-150600.3.18.1 Container bci/python:latest:python312-devel-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:libpython3_12-1_0-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-base-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-curses-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-dbm-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-devel-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-idle-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tk-3.12.9-150600.3.18.1 SUSE Linux Enterprise Module for Python 3 15 SP6:python312-tools-3.12.9-150600.3.18.1 openSUSE Leap 15.6:libpython3_12-1_0-3.12.9-150600.3.18.1 openSUSE Leap 15.6:libpython3_12-1_0-32bit-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-32bit-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-base-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-base-32bit-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-curses-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-dbm-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-devel-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-doc-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-doc-devhelp-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-idle-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-testsuite-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-tk-3.12.9-150600.3.18.1 openSUSE Leap 15.6:python312-tools-3.12.9-150600.3.18.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250521-1/ https://www.suse.com/security/cve/CVE-2025-0938.html CVE-2025-0938 https://bugzilla.suse.com/1236705 SUSE Bug 1236705