ALSA-2025:10140

[ALSA-2025:10140] Important: python3.12 security update

Type:

security

Severity:

important

Release date:

2025-07-03

Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  

Security Fix(es):  

  * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
  * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)
  * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
  * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
  * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	python3-3.12.9-2.el10_0.2.aarch64.rpm	0238a2f19ebba141c0c1e4994b4d4d256c971441d2a2cf91c7d55f39a4a6af28
aarch64	python3-idle-3.12.9-2.el10_0.2.aarch64.rpm	039bf9f584627054bd47412649bb46832487d7b0e976cedae6e4a70be81812ce
aarch64	python3-debug-3.12.9-2.el10_0.2.aarch64.rpm	18ff76336e32a3fa23efef45d6a98a8cec1ab2c78c01f79e5c9f669cd53756d0
aarch64	python3-tkinter-3.12.9-2.el10_0.2.aarch64.rpm	4c43030588548272332dbbb1a7f1f92eabd7283f1a87b372655534afc0c66e9a
aarch64	python3-test-3.12.9-2.el10_0.2.aarch64.rpm	54021d1384f2743dee0116cc3b437c819016aeb8edaf80019188ff02740dbedf
aarch64	python3-devel-3.12.9-2.el10_0.2.aarch64.rpm	6c75566485765404e201dae2ca341471215e8dc5e996193cf2d96f016f7736ae
aarch64	python3-libs-3.12.9-2.el10_0.2.aarch64.rpm	f92e69331bd9c5f6f8e9885034eb2844861f170d132a6e032288146408fa6d77
noarch	python-unversioned-command-3.12.9-2.el10_0.2.noarch.rpm	d255de67dd2efc228d23f32fbcb80a822a9bed2e8f9bf1c7699c8598ac684ba3
ppc64le	python3-devel-3.12.9-2.el10_0.2.ppc64le.rpm	0f6e1f2249d8d3292c66a54f58912d25cc04217a8b003db77871daae8a8ff8f5
ppc64le	python3-debug-3.12.9-2.el10_0.2.ppc64le.rpm	1624f0b9637451a7146931e972733b1897b8e1685a91ef271fbaa1f817142129
ppc64le	python3-3.12.9-2.el10_0.2.ppc64le.rpm	169bbc73f8f152b9a7c84ef5e45ff2ac3dabcfc6a3eb9efb0315234f5bc96901
ppc64le	python3-libs-3.12.9-2.el10_0.2.ppc64le.rpm	774142dc81a9f7baa864e497630bc125cdd257acb417d824f8904a0e8efdc133
ppc64le	python3-idle-3.12.9-2.el10_0.2.ppc64le.rpm	a662a27ee79809dd4b1e16482ae724fc5bce555b808efe528d15ff25122f1ab5
ppc64le	python3-tkinter-3.12.9-2.el10_0.2.ppc64le.rpm	dac88423d733ffe5504fd6d76022f02d65472e857cf4adce4709c7022cd5eda3
ppc64le	python3-test-3.12.9-2.el10_0.2.ppc64le.rpm	f164c667be756b6ba9925ef4c2db594784eb4d1520df248696c8d639d5a8b958
s390x	python3-devel-3.12.9-2.el10_0.2.s390x.rpm	4eb1c0fb603a9dbe3e12e9aaa70637511a6077d19153d5ebeab21042ad2c166a
s390x	python3-libs-3.12.9-2.el10_0.2.s390x.rpm	75155da0c52dfe8d5414afeab6e8ba71da8b1cc5214e1df475ea91fa9cd853ec
s390x	python3-test-3.12.9-2.el10_0.2.s390x.rpm	91873e36c84968608de849c167d3cfd944c637308f700319d2fbaef2b27f95f0
s390x	python3-debug-3.12.9-2.el10_0.2.s390x.rpm	99e72744b09b3572392e473d4048b77758cd891516c0d06e58bcde471461a186
s390x	python3-idle-3.12.9-2.el10_0.2.s390x.rpm	a1558f734d8b2081cdb11c1f55e8a2a6576a158b34b82d8ebc215d03c0682c79
s390x	python3-tkinter-3.12.9-2.el10_0.2.s390x.rpm	a6533c5ea5d2b225f3cdeed077355bdd750e21a080ad129fa75df28350009917
s390x	python3-3.12.9-2.el10_0.2.s390x.rpm	f3e60b869fe73610252736c56a6155aaef36cccc2da421f2eb5072c2265eca8f
x86_64	python3-3.12.9-2.el10_0.2.x86_64.rpm	265753d77e4d3abd5b3608c9254fe0a539bf9cc84d4ee933f89b7d5ca083ba16
x86_64	python3-devel-3.12.9-2.el10_0.2.x86_64.rpm	2852208fdb19d223471b680faa56eac655ea5b9084d3a30b75130f9863a5569f
x86_64	python3-test-3.12.9-2.el10_0.2.x86_64.rpm	311c3a00ee83705d76ceb1e4d4880092cc0af331b20948753c54392c7f53c20e
x86_64	python3-libs-3.12.9-2.el10_0.2.x86_64.rpm	6daa769bbb0dcf0372e59dac2ce6a7a3e1b1c80ade3b85add705b071984ac6f8
x86_64	python3-tkinter-3.12.9-2.el10_0.2.x86_64.rpm	7f49c61d9f1ac4233eeab9e6bb141acc906cde11efb68c8880038767f59c2b82
x86_64	python3-debug-3.12.9-2.el10_0.2.x86_64.rpm	ce8eb565edf81cdb998b7b3f55f4a8d3e33f2e7aa98abaae8d63e0a333e1f272
x86_64	python3-idle-3.12.9-2.el10_0.2.x86_64.rpm	fb295e5b12701a0894a15d6e4df95d78ee472023741ed297ff2d7ebbc5dfb3bd
x86_64_v2	python3-test-3.12.9-2.el10_0.2.x86_64_v2.rpm	028181361612dfdcda9f991c804be10a8468a8b317f10fa982a1bb24fc0de1d8
x86_64_v2	python3-devel-3.12.9-2.el10_0.2.x86_64_v2.rpm	0b038dd109d2dc303a73446d6ba511236d35de8befe376f9540023aa4a923667
x86_64_v2	python3-3.12.9-2.el10_0.2.x86_64_v2.rpm	2463701b3fea66d8006a010824f2f89768974b643d8b8d6bfcf63641ad816642
x86_64_v2	python3-idle-3.12.9-2.el10_0.2.x86_64_v2.rpm	49250b5f28b5ff3a59973558331d94a54622873607eaa914ced03d923249523f
x86_64_v2	python3-debug-3.12.9-2.el10_0.2.x86_64_v2.rpm	ae82942a94d57ed62c555cecde2091c4be66af94d04eab540bebb82e85e69576
x86_64_v2	python3-libs-3.12.9-2.el10_0.2.x86_64_v2.rpm	b35eff02001732c952bef0135f8702307c23b86cd452c1059751ee479359e0e6
x86_64_v2	python3-tkinter-3.12.9-2.el10_0.2.x86_64_v2.rpm	c3f7b429c63f8a3f4285b432a40e2c476e91bf193ba680cb66a96db08597e1f8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.