Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2025:4389-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2025:4389-1

UNKNOWN

Security update for python

Published Dec 12, 2025

Modified 1 months ago

Fix available

Details

This update for python fixes the following issues:

CVE-2025-6075: quadratic complexity in os.path.expandvars() can lead to performance degradation when values passed to it are user-controlled (bsc#1252974).
CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the zipfile module (bsc#1251305).

Affected Packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6libpython2_7-1_0

Fixed in:

2.7.18-150000.89.2

SUSE:Linux Enterprise Module for Package Hub 15 SP6python

Fixed in:

2.7.18-150000.89.1

SUSE:Linux Enterprise Module for Package Hub 15 SP6python-base

Fixed in:

2.7.18-150000.89.2

SUSE:Linux Enterprise Module for Package Hub 15 SP6python-curses

Fixed in:

2.7.18-150000.89.1

SUSE:Linux Enterprise Module for Package Hub 15 SP6python-gdbm

Fixed in:

2.7.18-150000.89.1

SUSE:Linux Enterprise Module for Package Hub 15 SP6python-xml

Fixed in:

2.7.18-150000.89.2

SUSE:Linux Enterprise Module for Package Hub 15 SP7libpython2_7-1_0

Fixed in:

2.7.18-150000.89.2

SUSE:Linux Enterprise Module for Package Hub 15 SP7python

Fixed in:

2.7.18-150000.89.1

SUSE:Linux Enterprise Module for Package Hub 15 SP7python-base

Fixed in:

2.7.18-150000.89.2

SUSE:Linux Enterprise Module for Package Hub 15 SP7python-curses

Fixed in:

2.7.18-150000.89.1

SUSE:Linux Enterprise Module for Package Hub 15 SP7python-gdbm

Fixed in:

2.7.18-150000.89.1

SUSE:Linux Enterprise Module for Package Hub 15 SP7python-xml

Fixed in:

2.7.18-150000.89.2

openSUSE:Leap 15.6libpython2_7-1_0

Fixed in:

2.7.18-150000.89.2

openSUSE:Leap 15.6libpython2_7-1_0-32bit

Fixed in:

2.7.18-150000.89.2

openSUSE:Leap 15.6python

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-32bit

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-base

Fixed in:

2.7.18-150000.89.2

openSUSE:Leap 15.6python-base-32bit

Fixed in:

2.7.18-150000.89.2

openSUSE:Leap 15.6python-curses

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-demo

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-devel

Fixed in:

2.7.18-150000.89.2

openSUSE:Leap 15.6python-doc

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-doc-pdf

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-gdbm

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-idle

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-tk

Fixed in:

2.7.18-150000.89.1

openSUSE:Leap 15.6python-xml

Fixed in:

2.7.18-150000.89.2

References

REPORThttps://bugzilla.suse.com/1251305 REPORThttps://bugzilla.suse.com/1252974 WEBhttps://www.suse.com/security/cve/CVE-2025-6075 WEBhttps://www.suse.com/security/cve/CVE-2025-8291 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-20254389-1/

Upstream

CVE-2025-6075 CVE-2025-8291

Related

CVE-2025-6075 CVE-2025-8291

Ecosystems

SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 openSUSE Leap 15.6

Timeline

PublishedDec 12, 2025

ModifiedDec 12, 2025