SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-268

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-268

Security update for python

Type: security

Severity: moderate

Issued: 2026-01-23

Description:

This update for python fixes the following issues:

- CVE-2025-13836: Fixed reading an HTTP response from a server, if no read 
  amount is specified, with using Content-Length per default as the length 
  (bsc#1254400)
- CVE-2025-12084: Fixed Denial of Service due to quadratic algorithm in 
  xml.dom.minidom (bsc#1254997).

References

CVE: CVE-2025-6075
CVE: CVE-2025-13836
CVE: CVE-2025-12084
Bugzilla: 1254997 VUL-0: CVE-2025-12084: python,python3,python310,python311,python312,python313,python36,python39: cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
Bugzilla: 1254400 VUL-0: CVE-2025-13836: python,python3,python310,python311,python312,python313,python36,python39: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length.

Packages

python-2.7.18-150000.94.1

python-base-2.7.18-150000.94.1