红帽产品勘误 RHSA-2025:10031 - Security Advisory
发布:
2025-07-01
已更新:
2025-07-01

RHSA-2025:10031 - Security Advisory

概述

Important: python3.12 security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for python3.12 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
  • cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)
  • cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
  • python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
  • cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

修复

  • BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
  • BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
  • BZ - 2370014 - CVE-2025-4330 cpython: python: Extraction filter bypass for linking outside extraction directory
  • BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
  • BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Red Hat Enterprise Linux for x86_64 8

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
x86_64
python3.12-3.12.11-1.el8_10.x86_64.rpm SHA-256: a5aef3056b86871a3c1ebcf473f044b825fd327adc95b7fd4fb1ed14146aa6fe
python3.12-debuginfo-3.12.11-1.el8_10.i686.rpm SHA-256: e263247dd6742e05561ec5823ea7b1dcdc9ba3317389b13c1022bfb9660ace59
python3.12-debuginfo-3.12.11-1.el8_10.x86_64.rpm SHA-256: 600898b38764ff5761ae187348be895a175b544c865c2968f706c3750915c96a
python3.12-debugsource-3.12.11-1.el8_10.i686.rpm SHA-256: 4cfefc247c39c83432479903788fbb97a2c18f396ac5039618b84cf447dfc8d0
python3.12-debugsource-3.12.11-1.el8_10.x86_64.rpm SHA-256: 072a7581a788f1ef6ea67726bb6cdc7172bfce8944e0fcffabbe8c7634f3ae66
python3.12-devel-3.12.11-1.el8_10.i686.rpm SHA-256: 200bc0b378a2803100c229ff2f81032aeffb4a6f74ad6d0a5ea545627a58cc13
python3.12-devel-3.12.11-1.el8_10.x86_64.rpm SHA-256: 1a7fe5c20aa85a4835d51e5511c857c64443ebf3e005749298b809b9a8338352
python3.12-libs-3.12.11-1.el8_10.i686.rpm SHA-256: 1734ff8ba7841bf1ab101f5a7ae5dd422c6f53d167a5888b2bbad8372267a081
python3.12-libs-3.12.11-1.el8_10.x86_64.rpm SHA-256: 232d168aac40c7d44d5cd814bc5fa89fd3075283eaad76c787050ce07dc39f30
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.x86_64.rpm SHA-256: 0626e463ef2c8fbb32b6c71d1e57b09bc9e956e529583f89e71272aea2e90c89

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
s390x
python3.12-3.12.11-1.el8_10.s390x.rpm SHA-256: 040040de66700beca3a86fa38f8be1185e15a856be22dbfc6a89a6ec8492877b
python3.12-debuginfo-3.12.11-1.el8_10.s390x.rpm SHA-256: 1635755d5517a505270c8060a424d494b785c1b82dad90e09cbf532fdde75531
python3.12-debugsource-3.12.11-1.el8_10.s390x.rpm SHA-256: 7292c8465090793b5c7e16567390d49363c4548e557f5925ee6d7eb4e60b6cad
python3.12-devel-3.12.11-1.el8_10.s390x.rpm SHA-256: a678238926ff06e86df0b4f8872057bad459dea7c97e3869bf6ec9d69bcc9e80
python3.12-libs-3.12.11-1.el8_10.s390x.rpm SHA-256: 878e9eb2429f61e1792f168c9c52ae0881742aa1416b8e74d54b462e5b24355d
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.s390x.rpm SHA-256: 02a675a313b1ddab6bb8263574ae9962ca6597093d8ed1a8aca723d0f1208232

Red Hat Enterprise Linux for Power, little endian 8

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
ppc64le
python3.12-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 5da72c990064fdf833fe0be99c37168304eace8c413c466dcf8ba82ea865e592
python3.12-debuginfo-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 42aac4d5e8346c95974906dbb8348ca01b8f4a65fa4ccbb00f3e851c7c0a8551
python3.12-debugsource-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 7666604095b0031978faf83224911ce8ac49f980cb75bec2f5e683b0ffa80af0
python3.12-devel-3.12.11-1.el8_10.ppc64le.rpm SHA-256: fc8c4c8e6689705335e3503716006632b54e8c020e506b18908c4b0b63734ef5
python3.12-libs-3.12.11-1.el8_10.ppc64le.rpm SHA-256: c0d247facede453f0c88dd4e21b3321292cd6d32515f2e0524374798cadecfad
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 2f61dd3f72960e50bfae18874cd80c575002e7da4405b05318a77f9ce7dd9b3b

Red Hat Enterprise Linux for ARM 64 8

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
aarch64
python3.12-3.12.11-1.el8_10.aarch64.rpm SHA-256: 714a944534c772c0d4abaf6eb05df8865110c8234fcbee9c76d72f959d00df57
python3.12-debuginfo-3.12.11-1.el8_10.aarch64.rpm SHA-256: 48338d9a4bbc93b45e10cf19a90b0b0a3969f166ca25e56080445182727d3a4b
python3.12-debugsource-3.12.11-1.el8_10.aarch64.rpm SHA-256: c7fee954048edb47a23b65f070121ef6026c2156a8e77e341c33bd2b8035b244
python3.12-devel-3.12.11-1.el8_10.aarch64.rpm SHA-256: b6edf8e65e292c0f940817afa4cebe0295507b317f586a418bde8c5c1b0714cb
python3.12-libs-3.12.11-1.el8_10.aarch64.rpm SHA-256: be31dd43651391f18323caa5f4ea8f482c62bddcff22416fc53508a175f3a0b7
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.aarch64.rpm SHA-256: 1be2b15a4df2ccea035efc8a4509bd97868e1ad5372226eaf3362095c09d0c5c

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
python3.12-3.12.11-1.el8_10.i686.rpm SHA-256: c0191b820ac42426ff83e7f996f148710f7e160b43f02b6bcf9ca5aa72870e1f
python3.12-debug-3.12.11-1.el8_10.i686.rpm SHA-256: 7381ef9e64779ba4057334fab8ca5717979cd452d1538ceaa5f250b9c1f35a48
python3.12-debug-3.12.11-1.el8_10.x86_64.rpm SHA-256: 4b0622d7163efeaa2b6ff4d543088834a0805085bab94055d444fae71b27470f
python3.12-debuginfo-3.12.11-1.el8_10.i686.rpm SHA-256: e263247dd6742e05561ec5823ea7b1dcdc9ba3317389b13c1022bfb9660ace59
python3.12-debuginfo-3.12.11-1.el8_10.x86_64.rpm SHA-256: 600898b38764ff5761ae187348be895a175b544c865c2968f706c3750915c96a
python3.12-debugsource-3.12.11-1.el8_10.i686.rpm SHA-256: 4cfefc247c39c83432479903788fbb97a2c18f396ac5039618b84cf447dfc8d0
python3.12-debugsource-3.12.11-1.el8_10.x86_64.rpm SHA-256: 072a7581a788f1ef6ea67726bb6cdc7172bfce8944e0fcffabbe8c7634f3ae66
python3.12-idle-3.12.11-1.el8_10.i686.rpm SHA-256: 62bd5042d835b3d9e228005663fd4a592f8fda4682a88e03eee831cdd7182e05
python3.12-idle-3.12.11-1.el8_10.x86_64.rpm SHA-256: 70535aa32aec2d5e10070a8cc7778c47f5943fa28b4054461cf021e7862347c6
python3.12-test-3.12.11-1.el8_10.i686.rpm SHA-256: 9e5d2a3bcf33f4fa05cab268c516e08c322eff615ec9673006a3e7926f7e18ec
python3.12-test-3.12.11-1.el8_10.x86_64.rpm SHA-256: 526743cd32128f00ec3b81d122ffcc4b000009ce508446bf687f3e55c5ec6b47
python3.12-tkinter-3.12.11-1.el8_10.i686.rpm SHA-256: bc4ef8b0b06860f3658bd84ba9deab0eaae0182a5505c06b699b5f3367eb212e

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
python3.12-debug-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 0371f83b77efa19b4103dd2d435a1ceee13518f153ea7c8949e68288d39003ea
python3.12-debuginfo-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 42aac4d5e8346c95974906dbb8348ca01b8f4a65fa4ccbb00f3e851c7c0a8551
python3.12-debugsource-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 7666604095b0031978faf83224911ce8ac49f980cb75bec2f5e683b0ffa80af0
python3.12-idle-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 7e947229a0fde5cd5f4791d60a24c17f16c84373f1077dc92fa7fa53299dbf22
python3.12-test-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 4f9965fec7b8ac5b8282eb21d8297a077de2242b1b71fffd5194d3ddb9d2c310

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
python3.12-debug-3.12.11-1.el8_10.aarch64.rpm SHA-256: 43898817046c14d1a36405b3a8f65aa3569dd3ba9176ae40ec29f6a1ed2e5895
python3.12-debuginfo-3.12.11-1.el8_10.aarch64.rpm SHA-256: 48338d9a4bbc93b45e10cf19a90b0b0a3969f166ca25e56080445182727d3a4b
python3.12-debugsource-3.12.11-1.el8_10.aarch64.rpm SHA-256: c7fee954048edb47a23b65f070121ef6026c2156a8e77e341c33bd2b8035b244
python3.12-idle-3.12.11-1.el8_10.aarch64.rpm SHA-256: 058ac49cb0c7d4c3fc3d9a3de58bdadd838fb27f4d8e9eb16246ebd7e1b224c7
python3.12-test-3.12.11-1.el8_10.aarch64.rpm SHA-256: 14ebe3b0fa13267eb05179dd19420791e7d4690402176b9d250ec9303456f191

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
python3.12-debug-3.12.11-1.el8_10.s390x.rpm SHA-256: 449c6ec21f48476518b880439155a781126147bf6aff90a3ee902eda06c30637
python3.12-debuginfo-3.12.11-1.el8_10.s390x.rpm SHA-256: 1635755d5517a505270c8060a424d494b785c1b82dad90e09cbf532fdde75531
python3.12-debugsource-3.12.11-1.el8_10.s390x.rpm SHA-256: 7292c8465090793b5c7e16567390d49363c4548e557f5925ee6d7eb4e60b6cad
python3.12-idle-3.12.11-1.el8_10.s390x.rpm SHA-256: c34a320ce1994a3c687ef0a7fce5be67b9506b1ac694294ae94a5dcb80ec2c68
python3.12-test-3.12.11-1.el8_10.s390x.rpm SHA-256: 888f845c8cb8cef65cd99aaa8a84db09ec27bafef5883ac393251fa1a8f5ea35

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
x86_64
python3.12-3.12.11-1.el8_10.x86_64.rpm SHA-256: a5aef3056b86871a3c1ebcf473f044b825fd327adc95b7fd4fb1ed14146aa6fe
python3.12-debuginfo-3.12.11-1.el8_10.i686.rpm SHA-256: e263247dd6742e05561ec5823ea7b1dcdc9ba3317389b13c1022bfb9660ace59
python3.12-debuginfo-3.12.11-1.el8_10.x86_64.rpm SHA-256: 600898b38764ff5761ae187348be895a175b544c865c2968f706c3750915c96a
python3.12-debugsource-3.12.11-1.el8_10.i686.rpm SHA-256: 4cfefc247c39c83432479903788fbb97a2c18f396ac5039618b84cf447dfc8d0
python3.12-debugsource-3.12.11-1.el8_10.x86_64.rpm SHA-256: 072a7581a788f1ef6ea67726bb6cdc7172bfce8944e0fcffabbe8c7634f3ae66
python3.12-devel-3.12.11-1.el8_10.i686.rpm SHA-256: 200bc0b378a2803100c229ff2f81032aeffb4a6f74ad6d0a5ea545627a58cc13
python3.12-devel-3.12.11-1.el8_10.x86_64.rpm SHA-256: 1a7fe5c20aa85a4835d51e5511c857c64443ebf3e005749298b809b9a8338352
python3.12-libs-3.12.11-1.el8_10.i686.rpm SHA-256: 1734ff8ba7841bf1ab101f5a7ae5dd422c6f53d167a5888b2bbad8372267a081
python3.12-libs-3.12.11-1.el8_10.x86_64.rpm SHA-256: 232d168aac40c7d44d5cd814bc5fa89fd3075283eaad76c787050ce07dc39f30
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.x86_64.rpm SHA-256: 0626e463ef2c8fbb32b6c71d1e57b09bc9e956e529583f89e71272aea2e90c89

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
aarch64
python3.12-3.12.11-1.el8_10.aarch64.rpm SHA-256: 714a944534c772c0d4abaf6eb05df8865110c8234fcbee9c76d72f959d00df57
python3.12-debuginfo-3.12.11-1.el8_10.aarch64.rpm SHA-256: 48338d9a4bbc93b45e10cf19a90b0b0a3969f166ca25e56080445182727d3a4b
python3.12-debugsource-3.12.11-1.el8_10.aarch64.rpm SHA-256: c7fee954048edb47a23b65f070121ef6026c2156a8e77e341c33bd2b8035b244
python3.12-devel-3.12.11-1.el8_10.aarch64.rpm SHA-256: b6edf8e65e292c0f940817afa4cebe0295507b317f586a418bde8c5c1b0714cb
python3.12-libs-3.12.11-1.el8_10.aarch64.rpm SHA-256: be31dd43651391f18323caa5f4ea8f482c62bddcff22416fc53508a175f3a0b7
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.aarch64.rpm SHA-256: 1be2b15a4df2ccea035efc8a4509bd97868e1ad5372226eaf3362095c09d0c5c

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
ppc64le
python3.12-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 5da72c990064fdf833fe0be99c37168304eace8c413c466dcf8ba82ea865e592
python3.12-debuginfo-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 42aac4d5e8346c95974906dbb8348ca01b8f4a65fa4ccbb00f3e851c7c0a8551
python3.12-debugsource-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 7666604095b0031978faf83224911ce8ac49f980cb75bec2f5e683b0ffa80af0
python3.12-devel-3.12.11-1.el8_10.ppc64le.rpm SHA-256: fc8c4c8e6689705335e3503716006632b54e8c020e506b18908c4b0b63734ef5
python3.12-libs-3.12.11-1.el8_10.ppc64le.rpm SHA-256: c0d247facede453f0c88dd4e21b3321292cd6d32515f2e0524374798cadecfad
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.ppc64le.rpm SHA-256: 2f61dd3f72960e50bfae18874cd80c575002e7da4405b05318a77f9ce7dd9b3b

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
python3.12-3.12.11-1.el8_10.src.rpm SHA-256: 5721b3be3c412de532124948aeef1857f7ce9786fe655206ea18d5e177bdc8d7
s390x
python3.12-3.12.11-1.el8_10.s390x.rpm SHA-256: 040040de66700beca3a86fa38f8be1185e15a856be22dbfc6a89a6ec8492877b
python3.12-debuginfo-3.12.11-1.el8_10.s390x.rpm SHA-256: 1635755d5517a505270c8060a424d494b785c1b82dad90e09cbf532fdde75531
python3.12-debugsource-3.12.11-1.el8_10.s390x.rpm SHA-256: 7292c8465090793b5c7e16567390d49363c4548e557f5925ee6d7eb4e60b6cad
python3.12-devel-3.12.11-1.el8_10.s390x.rpm SHA-256: a678238926ff06e86df0b4f8872057bad459dea7c97e3869bf6ec9d69bcc9e80
python3.12-libs-3.12.11-1.el8_10.s390x.rpm SHA-256: 878e9eb2429f61e1792f168c9c52ae0881742aa1416b8e74d54b462e5b24355d
python3.12-rpm-macros-3.12.11-1.el8_10.noarch.rpm SHA-256: 945939ee9f5a6fd88c22db22b7213ae035af013d2dd09250a29a338deb668ac6
python3.12-tkinter-3.12.11-1.el8_10.s390x.rpm SHA-256: 02a675a313b1ddab6bb8263574ae9962ca6597093d8ed1a8aca723d0f1208232

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/