ALSA-2025:10128

[ALSA-2025:10128] Important: python3 security update

Type:

security

Severity:

important

Release date:

2025-07-02

Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  

Security Fix(es):  

  * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
  * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)
  * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
  * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
  * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	python3-test-3.6.8-70.el8_10.alma.1.aarch64.rpm	0bd4284b66833dbce53570635be9e4b365e135c44fbe5ca3f3feaa2716d3776a
aarch64	platform-python-3.6.8-70.el8_10.alma.1.aarch64.rpm	2dcc975318b97f5813e41a7339945169cc21f058faf6c47f66adc99159923916
aarch64	python3-tkinter-3.6.8-70.el8_10.alma.1.aarch64.rpm	668175d83c233875739a82d7dfe40e1699dc27836e0b29777eec4b7ece3953b6
aarch64	python3-libs-3.6.8-70.el8_10.alma.1.aarch64.rpm	6e7f4287da641f871e541a55aba47c2ab2f0830806d8511c8bca01c0d59413f2
aarch64	platform-python-devel-3.6.8-70.el8_10.alma.1.aarch64.rpm	76d4d3c646b045da4c42171c976e98576727637321ca637448dd149aaf048dd0
aarch64	python3-idle-3.6.8-70.el8_10.alma.1.aarch64.rpm	bd633449dab86edcb94884b5ec25a48a1abd7eeb8f1a0214d4ddaad1a25315c8
aarch64	platform-python-debug-3.6.8-70.el8_10.alma.1.aarch64.rpm	c62b76d487cbcf2c2ae99b91441cd955efabb3204514d2b1c8c4eeef977777bd
i686	python3-tkinter-3.6.8-70.el8_10.alma.1.i686.rpm	148b0f6d1ada401eeadd9e82e68a851dcc2d4e32398a629e8526d11b79afc60e
i686	python3-libs-3.6.8-70.el8_10.alma.1.i686.rpm	3d77eadf40a17b90dd4131040231bada30b47d8cdca572d8e9a257e15bf0f524
i686	python3-test-3.6.8-70.el8_10.alma.1.i686.rpm	6f3d69c9b3dfd025f19fd25910e1667713f70935d0a87957c5a08bfbf6077578
i686	python3-idle-3.6.8-70.el8_10.alma.1.i686.rpm	7409b876cc134b0c8a1d3e5ddc3fb2efed1d920e027a9b5a958d3c9933bcda70
i686	platform-python-3.6.8-70.el8_10.alma.1.i686.rpm	9ce85257e7a585606a35420897bcd2c2bf98063f0afbda43a18b29da7112c2a0
i686	platform-python-devel-3.6.8-70.el8_10.alma.1.i686.rpm	bd25a255d02d52385fbaf3300dc8c43be7b1d40df0bc26bd645e90148f753783
i686	platform-python-debug-3.6.8-70.el8_10.alma.1.i686.rpm	eb57bd1d1fd2861c0f2dd96c38ee2953c7c2b362eb516d1d7dc452e58f1ef52c
ppc64le	python3-libs-3.6.8-70.el8_10.alma.1.ppc64le.rpm	1f5e7b5f5177e9706ad8adbeaf1d365fa037366718e7f38d8008f02689aff572
ppc64le	platform-python-debug-3.6.8-70.el8_10.alma.1.ppc64le.rpm	351ddb5e698615c4a349f16d9faddc897762c21844d397e5ac1c6cea65e44491
ppc64le	platform-python-3.6.8-70.el8_10.alma.1.ppc64le.rpm	60aab753d7090dccf3d14778bd827684352312648925b0cdb7b819325598c1d5
ppc64le	python3-test-3.6.8-70.el8_10.alma.1.ppc64le.rpm	b46293b6ad66971017b9b8f67c76d13dfd67b1e7ecd5c1f6958aec65f85ac970
ppc64le	platform-python-devel-3.6.8-70.el8_10.alma.1.ppc64le.rpm	c726e73b15b5868cdc09777d095c00f33dd183d98f398fb0dc3a9149b8abc153
ppc64le	python3-idle-3.6.8-70.el8_10.alma.1.ppc64le.rpm	d16a3a503bb799c54e50551c0c79f0617125c35dcbe6213eb94b9400f94e5783
ppc64le	python3-tkinter-3.6.8-70.el8_10.alma.1.ppc64le.rpm	f5385099464f559aa48933b26d60718d90ffdfb2a73a963a9649e75fb99273c2
s390x	python3-libs-3.6.8-70.el8_10.alma.1.s390x.rpm	3ef7276a5b03189ed418aa6c37d9334ff154a1680e1c66712290c20df3113c9c
s390x	platform-python-devel-3.6.8-70.el8_10.alma.1.s390x.rpm	5d0a811aa3c33deb07c6aca7c9afcb79f58f7d735f2f2ce17af0b7d936b5fbe5
s390x	platform-python-debug-3.6.8-70.el8_10.alma.1.s390x.rpm	6bc6a0b5f85f62eebee28de789816dcbab21ef6ac8ae86cf5858a4137753cde0
s390x	platform-python-3.6.8-70.el8_10.alma.1.s390x.rpm	9934b3aa3b217953a5ae7b455e0c05d1f1279dde6cb0dde63859cb50c1670eee
s390x	python3-test-3.6.8-70.el8_10.alma.1.s390x.rpm	bf78e8dcde2388755247d1d851b3d837173f29f67f415d863840952014ef1049
s390x	python3-idle-3.6.8-70.el8_10.alma.1.s390x.rpm	c3ef68866413c628e97e5033a49eea3c4a7cf83b8d540e80f7770583f12bfca3
s390x	python3-tkinter-3.6.8-70.el8_10.alma.1.s390x.rpm	dffc7ca2f1c1ee0ba06a1f58e0c105ca2887e48a4d877e606055a89c9a1a274f
x86_64	python3-libs-3.6.8-70.el8_10.alma.1.x86_64.rpm	22130ddb515da903301d5b08c4c77a4d75eeb49948ba9227ba32abdaeb5c6e96
x86_64	python3-test-3.6.8-70.el8_10.alma.1.x86_64.rpm	2ec8a8d8e803b39a7d16ba89af9b1ac817439765c7dc99465868563c65c11be8
x86_64	platform-python-3.6.8-70.el8_10.alma.1.x86_64.rpm	590ed349b110e41b1dfbfa0550be89428b7e932a2b0bf4cfae80af323af9ab13
x86_64	platform-python-debug-3.6.8-70.el8_10.alma.1.x86_64.rpm	75b1368af2ae27eb2f0f48db37b9e5fc35329b3a8bdb02599e829ff1f8281b41
x86_64	python3-tkinter-3.6.8-70.el8_10.alma.1.x86_64.rpm	a30b1946f62c31674daacf963f13a58366ec4accef6ed4e4053767cc4db04904
x86_64	python3-idle-3.6.8-70.el8_10.alma.1.x86_64.rpm	dd517c854b7df3dc11e28e2c9e003dfea901d49c93e4d66bbeecf24decd18630
x86_64	platform-python-devel-3.6.8-70.el8_10.alma.1.x86_64.rpm	f4d13be48198fc2da016d23d9aed4333b41e79f6fae326571e98415f9fa761c3

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.