SUSE Package Hub - openSUSE-2026-56

Update Info

openSUSE-2026-56

Security update for python-nltk

Type: security

Severity: important

Issued: 2026-02-19

Description:

This update for python-nltk fixes the following issues:

- CVE-2025-14009: Fixed Secure ZIP extraction (boo#1258436)

References

CVE: CVE-2025-14009
Bugzilla: 1258436 VUL-0: CVE-2025-14009: python-nltk: `_unzip_iter` function in `nltk/downloader.py` uses `zipfile.extractall()` without performing path validation or security checks

Packages

python-nltk-3.7-bp157.3.3.1