Skip to main content
Vulnerability Intelligence
Platform
Solutions
Customers
Resources
Company
Login
Get Demo
Vulnerability Intelligence
SUSE-SU-2025:4538-1
SUSE-SU-2025:4538-1
UNKNOWN
Security update for python3
Published Dec 31, 2025
Modified 2 weeks ago
Fix available
Details
This update for python3 fixes the following issues:
CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
Affected Packages
libpython3_4m1_0
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
libpython3_4m1_0-32bit
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
python3
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
python3-base
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
python3-curses
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
python3-devel
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
python3-tk
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Fixed in:
3.4.10-25.166.1
References
REPORT
https://bugzilla.suse.com/1254400
REPORT
https://bugzilla.suse.com/1254401
REPORT
https://bugzilla.suse.com/1254997
WEB
https://www.suse.com/security/cve/CVE-2025-12084
WEB
https://www.suse.com/security/cve/CVE-2025-13836
WEB
https://www.suse.com/security/cve/CVE-2025-13837
ADVISORY
https://www.suse.com/support/update/announcement/2025/suse-su-20254538-1/
Upstream
CVE-2025-12084
CVE-2025-13836
CVE-2025-13837
Related
CVE-2025-12084
CVE-2025-13836
CVE-2025-13837
Ecosystems
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Timeline
Published
Dec 31, 2025
Modified
Dec 31, 2025
SUSE-SU-2025:4538-1 | Mondoo Vulnerability Intelligence