Security update for python3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0210-1 Final 1 1 2026-01-22T09:07:42Z current 2026-01-22T09:07:42Z 2026-01-22T09:07:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python3 This update for python3 fixes the following issues: Security fixes: - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory (bsc#1244060) - CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750) - CVE-2024-12718: Fixed bypass extraction filter to modify file metadata outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed symlinking targets to not point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4435: Fixed tarfile extracting filtered members when errorlevel=0 (bsc#1244061) Other fixes: - Fixed two shebangs with /usr/local/bin/python The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-GCE-On-Demand-2026-210,SUSE-2026-210,SUSE-SLE-SERVER-12-SP5-LTSS-2026-210,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-210 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ Link for SUSE-SU-2026:0210-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023842.html E-Mail link for SUSE-SU-2026:0210-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1203750 SUSE Bug 1203750 https://bugzilla.suse.com/1244032 SUSE Bug 1244032 https://bugzilla.suse.com/1244056 SUSE Bug 1244056 https://bugzilla.suse.com/1244059 SUSE Bug 1244059 https://bugzilla.suse.com/1244060 SUSE Bug 1244060 https://bugzilla.suse.com/1244061 SUSE Bug 1244061 https://bugzilla.suse.com/1251841 SUSE Bug 1251841 https://www.suse.com/security/cve/CVE-2007-4559/ SUSE CVE CVE-2007-4559 page https://www.suse.com/security/cve/CVE-2024-12718/ SUSE CVE CVE-2024-12718 page https://www.suse.com/security/cve/CVE-2025-4138/ SUSE CVE CVE-2025-4138 page https://www.suse.com/security/cve/CVE-2025-4330/ SUSE CVE CVE-2025-4330 page https://www.suse.com/security/cve/CVE-2025-4435/ SUSE CVE CVE-2025-4435 page https://www.suse.com/security/cve/CVE-2025-4517/ SUSE CVE CVE-2025-4517 page Image SLES12-SP5-GCE-On-Demand SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpython3_4m1_0-3.4.10-25.169.1 python3-3.4.10-25.169.1 python3-base-3.4.10-25.169.1 libpython3_4m1_0-32bit-3.4.10-25.169.1 libpython3_4m1_0-64bit-3.4.10-25.169.1 python3-32bit-3.4.10-25.169.1 python3-64bit-3.4.10-25.169.1 python3-base-32bit-3.4.10-25.169.1 python3-base-64bit-3.4.10-25.169.1 python3-curses-3.4.10-25.169.1 python3-dbm-3.4.10-25.169.1 python3-devel-3.4.10-25.169.1 python3-doc-3.4.10-25.169.1 python3-doc-pdf-3.4.10-25.169.1 python3-idle-3.4.10-25.169.1 python3-testsuite-3.4.10-25.169.1 python3-tk-3.4.10-25.169.1 python3-tools-3.4.10-25.169.1 libpython3_4m1_0-3.4.10-25.169.1 as a component of Image SLES12-SP5-GCE-On-Demand python3-3.4.10-25.169.1 as a component of Image SLES12-SP5-GCE-On-Demand python3-base-3.4.10-25.169.1 as a component of Image SLES12-SP5-GCE-On-Demand libpython3_4m1_0-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libpython3_4m1_0-32bit-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python3-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python3-base-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python3-curses-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python3-devel-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS python3-tk-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libpython3_4m1_0-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpython3_4m1_0-32bit-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python3-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python3-base-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python3-curses-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python3-devel-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 python3-tk-3.4.10-25.169.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559 Image SLES12-SP5-GCE-On-Demand:libpython3_4m1_0-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-tk-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-tk-3.4.10-25.169.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ https://www.suse.com/security/cve/CVE-2007-4559.html CVE-2007-4559 https://bugzilla.suse.com/1203750 SUSE Bug 1203750 https://bugzilla.suse.com/1204077 SUSE Bug 1204077 Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2024-12718 Image SLES12-SP5-GCE-On-Demand:libpython3_4m1_0-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-tk-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-tk-3.4.10-25.169.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ https://www.suse.com/security/cve/CVE-2024-12718.html CVE-2024-12718 https://bugzilla.suse.com/1244056 SUSE Bug 1244056 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2025-4138 Image SLES12-SP5-GCE-On-Demand:libpython3_4m1_0-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-tk-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-tk-3.4.10-25.169.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ https://www.suse.com/security/cve/CVE-2025-4138.html CVE-2025-4138 https://bugzilla.suse.com/1244059 SUSE Bug 1244059 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2025-4330 Image SLES12-SP5-GCE-On-Demand:libpython3_4m1_0-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-tk-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-tk-3.4.10-25.169.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ https://www.suse.com/security/cve/CVE-2025-4330.html CVE-2025-4330 https://bugzilla.suse.com/1244060 SUSE Bug 1244060 When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped. CVE-2025-4435 Image SLES12-SP5-GCE-On-Demand:libpython3_4m1_0-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-tk-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-tk-3.4.10-25.169.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ https://www.suse.com/security/cve/CVE-2025-4435.html CVE-2025-4435 https://bugzilla.suse.com/1244061 SUSE Bug 1244061 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links. CVE-2025-4517 Image SLES12-SP5-GCE-On-Demand:libpython3_4m1_0-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-3.4.10-25.169.1 Image SLES12-SP5-GCE-On-Demand:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server 12 SP5-LTSS:python3-tk-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpython3_4m1_0-32bit-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-base-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-curses-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-devel-3.4.10-25.169.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:python3-tk-3.4.10-25.169.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260210-1/ https://www.suse.com/security/cve/CVE-2025-4517.html CVE-2025-4517 https://bugzilla.suse.com/1244032 SUSE Bug 1244032