Red Hat Product Errata RHSA-2025:10026 - Security Advisory
Issued:
2025-07-01
Updated:
2025-07-01

RHSA-2025:10026 - Security Advisory

Synopsis

Important: python3.11 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python3.11 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
  • cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)
  • cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
  • python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
  • cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

  • BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
  • BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
  • BZ - 2370014 - CVE-2025-4330 cpython: python: Extraction filter bypass for linking outside extraction directory
  • BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
  • BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Red Hat Enterprise Linux for x86_64 8

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
x86_64
python3.11-3.11.13-1.el8_10.x86_64.rpm SHA-256: 944729805a214b8ad3beba7bc7e5967892097864b86d4a7aa9f85bd94c6054a8
python3.11-debuginfo-3.11.13-1.el8_10.i686.rpm SHA-256: 780be808a2327b9fcafbc447632f87392058b3e1d1b7bd62121cf57089706b4a
python3.11-debuginfo-3.11.13-1.el8_10.x86_64.rpm SHA-256: 2f87e01f6ead1fa72cc23bc0c86877ceadd3ac61a49299606d1ebad6da8856c6
python3.11-debugsource-3.11.13-1.el8_10.i686.rpm SHA-256: 0dd55b4d982d48adfc45f9f4871dcd3a04c71c84f53730eec1f2464889950ffd
python3.11-debugsource-3.11.13-1.el8_10.x86_64.rpm SHA-256: 6056c5332ee3a48f4b97197d69ed99dc39949cbe7c164e5fc8f506f249d3c3f7
python3.11-devel-3.11.13-1.el8_10.i686.rpm SHA-256: 3885388c4fed9f758f5a127fb7a3af13c1e4db5f978a47a30bc4a3cda46584c5
python3.11-devel-3.11.13-1.el8_10.x86_64.rpm SHA-256: f8dd650b0fdbaa6a1671f02c438aea29647058ec43eeeb5d2fce3544817a4e0b
python3.11-libs-3.11.13-1.el8_10.i686.rpm SHA-256: 51695132c086ce2c35e024ddb8ea352b34000bb23356bb4aa2375db8a40294e0
python3.11-libs-3.11.13-1.el8_10.x86_64.rpm SHA-256: b1d3509f0c631784c794965a32e8b8a9530cb51f74a87af3762e291b0478a3b4
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.x86_64.rpm SHA-256: 5f5902cf9e9a2dc6c64506ef63d10da6a1f8fbace3ca5a1c3836c71f8c258958

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
s390x
python3.11-3.11.13-1.el8_10.s390x.rpm SHA-256: 9e544700f589ba558aeffe39e9f417811bea561782add8de299f6aa53cb6380e
python3.11-debuginfo-3.11.13-1.el8_10.s390x.rpm SHA-256: 2b41158619f9ad43cf3410167ac4e3f76e13b1c2e02075dbb182746a6462ff6c
python3.11-debugsource-3.11.13-1.el8_10.s390x.rpm SHA-256: 40032120eded2016bdf79b7bc4a4d0de88ed0575da52c8bb4c0bc488fa6bbf2f
python3.11-devel-3.11.13-1.el8_10.s390x.rpm SHA-256: 4f613e1bed8e7e4ef39ba720c511c5829807fe9456d127c2e585a1fce8305234
python3.11-libs-3.11.13-1.el8_10.s390x.rpm SHA-256: 7adf40cd12c99acaaa235d92b695d3f52cefea90df8a721f1d9c7887a9026a1a
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.s390x.rpm SHA-256: 2b7cfc7b07b677ed936c5edfab40ec41ca57d34a0c622b56163231a96eeac34a

Red Hat Enterprise Linux for Power, little endian 8

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
ppc64le
python3.11-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 4d2e0bef92b56a4f42250c07728bda33650b09902dfe2cacf7cfbfa9659884a3
python3.11-debuginfo-3.11.13-1.el8_10.ppc64le.rpm SHA-256: d51771fe1c6ecde940685077a04ebf5db2abe74af0f2bc28ed0977f79bb732de
python3.11-debugsource-3.11.13-1.el8_10.ppc64le.rpm SHA-256: a52d0328a046e674241bd390c1053232a804929e5a1c3c3ec846555e4a2bcceb
python3.11-devel-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 87c39bbe8e15ea4a27550e63e205802b1fc1ced86fb75de4528d84d690e5c7b7
python3.11-libs-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 80bb5149b6665476361ffb90aa68f8e013edde68b29ef25cccf18d17576e114b
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 7fac731c0f89ef19556ec66480757ca5134257c00d853c2b0d41485296416964

Red Hat Enterprise Linux for ARM 64 8

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
aarch64
python3.11-3.11.13-1.el8_10.aarch64.rpm SHA-256: 0ddf9db7a4d24e1d64a2b1bddfdcea13e1f456cc7ba6d9fcb6c85f102d03675c
python3.11-debuginfo-3.11.13-1.el8_10.aarch64.rpm SHA-256: ac6213ec432de597602de661217f71d234cf53d3b02604e872c40fed8f239775
python3.11-debugsource-3.11.13-1.el8_10.aarch64.rpm SHA-256: a9d192c1f71cfb96ef53c517546ff480e24a71084a6458383eed197fc3382767
python3.11-devel-3.11.13-1.el8_10.aarch64.rpm SHA-256: 4e6950a61cc32aac9aa8e1c2680d3ad9b8c924f5cde4d7ed357fec944b30f3fc
python3.11-libs-3.11.13-1.el8_10.aarch64.rpm SHA-256: 945d31c4e21a36111aab4eddca109b84dccf30d2cb0ae65f272d87b213b49e45
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.aarch64.rpm SHA-256: 894c0cf78cdce7d3bc17485cfa451f2b8fb31da67d9a4098f6c33d1fb0bf75e8

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
python3.11-3.11.13-1.el8_10.i686.rpm SHA-256: 6e92528cf7e4173f2c2afb980eb6d99d806f5ab60bad6430878eea1489d835a1
python3.11-debug-3.11.13-1.el8_10.i686.rpm SHA-256: ad7af39074e2ab255ca5f144eaaf13f9e1bd4233b641f882f0410466a4a68cd6
python3.11-debug-3.11.13-1.el8_10.x86_64.rpm SHA-256: 5013415a317a63a8c9bd78b7edfa0748bc59d5bff46ac05a5d2dc45f77c5244b
python3.11-debuginfo-3.11.13-1.el8_10.i686.rpm SHA-256: 780be808a2327b9fcafbc447632f87392058b3e1d1b7bd62121cf57089706b4a
python3.11-debuginfo-3.11.13-1.el8_10.x86_64.rpm SHA-256: 2f87e01f6ead1fa72cc23bc0c86877ceadd3ac61a49299606d1ebad6da8856c6
python3.11-debugsource-3.11.13-1.el8_10.i686.rpm SHA-256: 0dd55b4d982d48adfc45f9f4871dcd3a04c71c84f53730eec1f2464889950ffd
python3.11-debugsource-3.11.13-1.el8_10.x86_64.rpm SHA-256: 6056c5332ee3a48f4b97197d69ed99dc39949cbe7c164e5fc8f506f249d3c3f7
python3.11-idle-3.11.13-1.el8_10.i686.rpm SHA-256: aa26716a5fd4ea302c7b77efa8ad2c67ae0f1860c422141d6bfbcfe76549883e
python3.11-idle-3.11.13-1.el8_10.x86_64.rpm SHA-256: 7f46234e77175b8009196102d4f07b96c61eec568ac602d0c0b016f88c1801ea
python3.11-test-3.11.13-1.el8_10.i686.rpm SHA-256: cf88c9924f48d401d0724997720b1970f228af0d7e65d07f87e41fbf83fff4aa
python3.11-test-3.11.13-1.el8_10.x86_64.rpm SHA-256: 439ca07c6fdea655d64b5feb112fd68ba112e195eff89abb6a8db0fd8331b6d0
python3.11-tkinter-3.11.13-1.el8_10.i686.rpm SHA-256: 5d35b22f817b6d6a50cd2d5d06424b8f087a92d41c40c31ee4bce5d5ccf47ab7

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
python3.11-debug-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 2303b2476de37ad18bf45ff142cfca5da814a2aa907cf7fee07f297f60c5c155
python3.11-debuginfo-3.11.13-1.el8_10.ppc64le.rpm SHA-256: d51771fe1c6ecde940685077a04ebf5db2abe74af0f2bc28ed0977f79bb732de
python3.11-debugsource-3.11.13-1.el8_10.ppc64le.rpm SHA-256: a52d0328a046e674241bd390c1053232a804929e5a1c3c3ec846555e4a2bcceb
python3.11-idle-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 4a3cef10a1f1d66e9695832115424632d15fe9e41ec62f53226410234c734946
python3.11-test-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 0fbf485de98c259494c873a3b4f3f56f3810f961104e32a8cd8787fef6eb57ae

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
python3.11-debug-3.11.13-1.el8_10.aarch64.rpm SHA-256: 0382ac04795885bfc4d80afaa792c63f973bd42748f0c23c4681bbc76ef698c6
python3.11-debuginfo-3.11.13-1.el8_10.aarch64.rpm SHA-256: ac6213ec432de597602de661217f71d234cf53d3b02604e872c40fed8f239775
python3.11-debugsource-3.11.13-1.el8_10.aarch64.rpm SHA-256: a9d192c1f71cfb96ef53c517546ff480e24a71084a6458383eed197fc3382767
python3.11-idle-3.11.13-1.el8_10.aarch64.rpm SHA-256: cfe1cb836be6d45ea13b7688d18f54d83f06dc6b5bdafdddfa4960f8b2eb350a
python3.11-test-3.11.13-1.el8_10.aarch64.rpm SHA-256: f6e38edf925faeb9252972009c9c22d1cebbb0fd70159b5bc5f48587989d0ed9

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
python3.11-debug-3.11.13-1.el8_10.s390x.rpm SHA-256: 165f08e4108702b827686d68592f3aaf25baf8f0dc84e81cb47e861ca72b2eb9
python3.11-debuginfo-3.11.13-1.el8_10.s390x.rpm SHA-256: 2b41158619f9ad43cf3410167ac4e3f76e13b1c2e02075dbb182746a6462ff6c
python3.11-debugsource-3.11.13-1.el8_10.s390x.rpm SHA-256: 40032120eded2016bdf79b7bc4a4d0de88ed0575da52c8bb4c0bc488fa6bbf2f
python3.11-idle-3.11.13-1.el8_10.s390x.rpm SHA-256: f89979c852103c1af979d70691348d289c7669ba5617f73312f55c327e8faf20
python3.11-test-3.11.13-1.el8_10.s390x.rpm SHA-256: 331d05d60b0bda28907a0bca3c4704d20a85f1a9f3e0a5214ca84c7f2e3fe237

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
x86_64
python3.11-3.11.13-1.el8_10.x86_64.rpm SHA-256: 944729805a214b8ad3beba7bc7e5967892097864b86d4a7aa9f85bd94c6054a8
python3.11-debuginfo-3.11.13-1.el8_10.i686.rpm SHA-256: 780be808a2327b9fcafbc447632f87392058b3e1d1b7bd62121cf57089706b4a
python3.11-debuginfo-3.11.13-1.el8_10.x86_64.rpm SHA-256: 2f87e01f6ead1fa72cc23bc0c86877ceadd3ac61a49299606d1ebad6da8856c6
python3.11-debugsource-3.11.13-1.el8_10.i686.rpm SHA-256: 0dd55b4d982d48adfc45f9f4871dcd3a04c71c84f53730eec1f2464889950ffd
python3.11-debugsource-3.11.13-1.el8_10.x86_64.rpm SHA-256: 6056c5332ee3a48f4b97197d69ed99dc39949cbe7c164e5fc8f506f249d3c3f7
python3.11-devel-3.11.13-1.el8_10.i686.rpm SHA-256: 3885388c4fed9f758f5a127fb7a3af13c1e4db5f978a47a30bc4a3cda46584c5
python3.11-devel-3.11.13-1.el8_10.x86_64.rpm SHA-256: f8dd650b0fdbaa6a1671f02c438aea29647058ec43eeeb5d2fce3544817a4e0b
python3.11-libs-3.11.13-1.el8_10.i686.rpm SHA-256: 51695132c086ce2c35e024ddb8ea352b34000bb23356bb4aa2375db8a40294e0
python3.11-libs-3.11.13-1.el8_10.x86_64.rpm SHA-256: b1d3509f0c631784c794965a32e8b8a9530cb51f74a87af3762e291b0478a3b4
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.x86_64.rpm SHA-256: 5f5902cf9e9a2dc6c64506ef63d10da6a1f8fbace3ca5a1c3836c71f8c258958

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
aarch64
python3.11-3.11.13-1.el8_10.aarch64.rpm SHA-256: 0ddf9db7a4d24e1d64a2b1bddfdcea13e1f456cc7ba6d9fcb6c85f102d03675c
python3.11-debuginfo-3.11.13-1.el8_10.aarch64.rpm SHA-256: ac6213ec432de597602de661217f71d234cf53d3b02604e872c40fed8f239775
python3.11-debugsource-3.11.13-1.el8_10.aarch64.rpm SHA-256: a9d192c1f71cfb96ef53c517546ff480e24a71084a6458383eed197fc3382767
python3.11-devel-3.11.13-1.el8_10.aarch64.rpm SHA-256: 4e6950a61cc32aac9aa8e1c2680d3ad9b8c924f5cde4d7ed357fec944b30f3fc
python3.11-libs-3.11.13-1.el8_10.aarch64.rpm SHA-256: 945d31c4e21a36111aab4eddca109b84dccf30d2cb0ae65f272d87b213b49e45
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.aarch64.rpm SHA-256: 894c0cf78cdce7d3bc17485cfa451f2b8fb31da67d9a4098f6c33d1fb0bf75e8

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
ppc64le
python3.11-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 4d2e0bef92b56a4f42250c07728bda33650b09902dfe2cacf7cfbfa9659884a3
python3.11-debuginfo-3.11.13-1.el8_10.ppc64le.rpm SHA-256: d51771fe1c6ecde940685077a04ebf5db2abe74af0f2bc28ed0977f79bb732de
python3.11-debugsource-3.11.13-1.el8_10.ppc64le.rpm SHA-256: a52d0328a046e674241bd390c1053232a804929e5a1c3c3ec846555e4a2bcceb
python3.11-devel-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 87c39bbe8e15ea4a27550e63e205802b1fc1ced86fb75de4528d84d690e5c7b7
python3.11-libs-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 80bb5149b6665476361ffb90aa68f8e013edde68b29ef25cccf18d17576e114b
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.ppc64le.rpm SHA-256: 7fac731c0f89ef19556ec66480757ca5134257c00d853c2b0d41485296416964

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
python3.11-3.11.13-1.el8_10.src.rpm SHA-256: 121e62be3bfcc6f83d8a984743b179e93ee23e4cb55a7cd8a391912136795034
s390x
python3.11-3.11.13-1.el8_10.s390x.rpm SHA-256: 9e544700f589ba558aeffe39e9f417811bea561782add8de299f6aa53cb6380e
python3.11-debuginfo-3.11.13-1.el8_10.s390x.rpm SHA-256: 2b41158619f9ad43cf3410167ac4e3f76e13b1c2e02075dbb182746a6462ff6c
python3.11-debugsource-3.11.13-1.el8_10.s390x.rpm SHA-256: 40032120eded2016bdf79b7bc4a4d0de88ed0575da52c8bb4c0bc488fa6bbf2f
python3.11-devel-3.11.13-1.el8_10.s390x.rpm SHA-256: 4f613e1bed8e7e4ef39ba720c511c5829807fe9456d127c2e585a1fce8305234
python3.11-libs-3.11.13-1.el8_10.s390x.rpm SHA-256: 7adf40cd12c99acaaa235d92b695d3f52cefea90df8a721f1d9c7887a9026a1a
python3.11-rpm-macros-3.11.13-1.el8_10.noarch.rpm SHA-256: 9e666be7327239da41fc3f84b4f7f991a2eb98c393301a574119716a5eb768cb
python3.11-tkinter-3.11.13-1.el8_10.s390x.rpm SHA-256: 2b7cfc7b07b677ed936c5edfab40ec41ca57d34a0c622b56163231a96eeac34a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.