SUSE-SU-2025:4487-1

UNKNOWN

Security update for python36

Published Dec 18, 2025

Modified 4 weeks ago

Fix available

This update for python36 fixes the following issues:

CVE-2025-6075: quadratic complexity in os.path.expandvars() can lead to performance degradation when values passed to it are user-controlled (bsc#1252974).
CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the zipfile module (bsc#1251305).

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5libpython3_6m1_0

Fixed in:

3.6.15-94.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5libpython3_6m1_0-32bit

Fixed in:

3.6.15-94.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5python36

Fixed in:

3.6.15-94.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5python36-base

Fixed in:

3.6.15-94.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5python36-core

Fixed in:

3.6.15-94.1

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5python36-devel

Fixed in:

3.6.15-94.1

PublishedDec 18, 2025

ModifiedDec 18, 2025

SUSE-SU-2025:4487-1 | Mondoo Vulnerability Intelligence