vulnerability
SUSE: CVE-2025-4435: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jun 3, 2025 | Jul 14, 2025 | Jan 26, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Jun 3, 2025
Added
Jul 14, 2025
Modified
Jan 26, 2026
Description
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
Solutions
suse-upgrade-libpython3_11-1_0suse-upgrade-libpython3_11-1_0-32bitsuse-upgrade-libpython3_12-1_0suse-upgrade-libpython3_12-1_0-32bitsuse-upgrade-libpython3_13-1_0suse-upgrade-libpython3_13-1_0-x86-64-v3suse-upgrade-libpython3_4m1_0suse-upgrade-libpython3_4m1_0-32bitsuse-upgrade-libpython3_6m1_0suse-upgrade-libpython3_6m1_0-32bitsuse-upgrade-python3suse-upgrade-python3-basesuse-upgrade-python3-cursessuse-upgrade-python3-dbmsuse-upgrade-python3-develsuse-upgrade-python3-docsuse-upgrade-python3-doc-devhelpsuse-upgrade-python3-idlesuse-upgrade-python3-testsuitesuse-upgrade-python3-tksuse-upgrade-python3-toolssuse-upgrade-python311suse-upgrade-python311-32bitsuse-upgrade-python311-basesuse-upgrade-python311-base-32bitsuse-upgrade-python311-cursessuse-upgrade-python311-dbmsuse-upgrade-python311-develsuse-upgrade-python311-docsuse-upgrade-python311-doc-devhelpsuse-upgrade-python311-idlesuse-upgrade-python311-testsuitesuse-upgrade-python311-tksuse-upgrade-python311-toolssuse-upgrade-python312suse-upgrade-python312-32bitsuse-upgrade-python312-basesuse-upgrade-python312-base-32bitsuse-upgrade-python312-cursessuse-upgrade-python312-dbmsuse-upgrade-python312-develsuse-upgrade-python312-docsuse-upgrade-python312-doc-devhelpsuse-upgrade-python312-idlesuse-upgrade-python312-testsuitesuse-upgrade-python312-tksuse-upgrade-python312-toolssuse-upgrade-python313suse-upgrade-python313-basesuse-upgrade-python313-base-x86-64-v3suse-upgrade-python313-cursessuse-upgrade-python313-dbmsuse-upgrade-python313-develsuse-upgrade-python313-docsuse-upgrade-python313-doc-devhelpsuse-upgrade-python313-idlesuse-upgrade-python313-tksuse-upgrade-python313-toolssuse-upgrade-python313-x86-64-v3suse-upgrade-python36suse-upgrade-python36-basesuse-upgrade-python36-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.