SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3695

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3695

Security update for python-ldap

Type: security

Severity: moderate

Issued: 2025-10-21

Description:

This update for python-ldap fixes the following issues:

- CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912).
- CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913).

References

CVE: CVE-2025-61912
CVE: CVE-2025-61911
Bugzilla: 1251913 VUL-0: CVE-2025-61912: python-ldap: In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte
Bugzilla: 1251912 VUL-0: CVE-2025-61911: python-ldap: In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters

Packages

python-ldap-3.1.0-150100.3.5.1