Skip to main content
Early Access
— Mondoo Vulnerability Intelligence is currently in preview.
Vulnerability Intelligence
Login
Get Demo
Back to search
SUSE-SU-2025:4538-1
UNKNOWN
Security update for python3
Published Dec 31, 2025
Modified 2 weeks ago
Fix available
Details
This update for python3 fixes the following issues:
CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
Affected Packages
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
libpython3_4m1_0
Fixed in:
3.4.10-25.166.1
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
libpython3_4m1_0-32bit
Fixed in:
3.4.10-25.166.1
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
python3
Fixed in:
3.4.10-25.166.1
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
python3-base
Fixed in:
3.4.10-25.166.1
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
python3-curses
Fixed in:
3.4.10-25.166.1
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
python3-devel
Fixed in:
3.4.10-25.166.1
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
python3-tk
Fixed in:
3.4.10-25.166.1
References
REPORT
https://bugzilla.suse.com/1254400
REPORT
https://bugzilla.suse.com/1254401
REPORT
https://bugzilla.suse.com/1254997
WEB
https://www.suse.com/security/cve/CVE-2025-12084
WEB
https://www.suse.com/security/cve/CVE-2025-13836
WEB
https://www.suse.com/security/cve/CVE-2025-13837
ADVISORY
https://www.suse.com/support/update/announcement/2025/suse-su-20254538-1/
Upstream
CVE-2025-12084
CVE-2025-13836
CVE-2025-13837
Related
CVE-2025-12084
CVE-2025-13836
CVE-2025-13837
Ecosystems
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Timeline
Published
Dec 31, 2025
Modified
Dec 31, 2025
SUSE-SU-2025:4538-1 | Mondoo Vulnerability Intelligence