发布：: 2025-07-08
已更新：: 2025-07-08

RHSA-2025:10602 - Security Advisory

概述
更新的软件包

概述

Important: python3 security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for python3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service, and Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)
cpython: python: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

修复

BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
BZ - 2370014 - CVE-2025-4330 cpython: python: Extraction filter bypass for linking outside extraction directory
BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

CVE

参考

https://access.redhat.com/security/updates/classification/#important

注：: 可能有这些软件包的更新版本。点击软件包名称查看详情。

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
python3-3.6.8-51.el8_8.10.src.rpm	SHA-256: 9404790d486d8c8fc710557b6f03d51e1cf8becf95a6039bb9c688c58b73d471
x86_64
platform-python-3.6.8-51.el8_8.10.i686.rpm	SHA-256: e43cfe52765b5b116524164b37a57649389039aa557ec6a828466c871b4a88f9
platform-python-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 5f7e9a9e3321f9dda61eaea962ffdb00e3b0a91e51adf9b98920a3b117d70ea0
platform-python-debug-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 8e49f75d64dc7fc7364f4df2a88e96834c3c2c52edb7d67ae7a5ce1822c98dfe
platform-python-debug-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 98310e714be65e955f05cd7ce32786da97596e8b3ccce56f36a0974f90e614ab
platform-python-devel-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 43abd29b07d56e5a0acf1b592e60813f0f6b944394d60c2d7415d555354b2e41
platform-python-devel-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 839161433def08fd30a2b6736d52d59f9f984900264bf280e82d8a520277482b
python3-debuginfo-3.6.8-51.el8_8.10.i686.rpm	SHA-256: fb77d87375dd91c7583473e69234e7516a46e23b169431e726a5322e67bd31d0
python3-debuginfo-3.6.8-51.el8_8.10.i686.rpm	SHA-256: fb77d87375dd91c7583473e69234e7516a46e23b169431e726a5322e67bd31d0
python3-debuginfo-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 1f1b9e5b7ab7643d5120562a507cefa60730885cd18716e0ac5ff9acd73580eb
python3-debuginfo-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 1f1b9e5b7ab7643d5120562a507cefa60730885cd18716e0ac5ff9acd73580eb
python3-debugsource-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 0ec9b569f22c8af0be730108ece3412bb3b39a3d55ac66d6a8a0156e42d1d0a8
python3-debugsource-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 0ec9b569f22c8af0be730108ece3412bb3b39a3d55ac66d6a8a0156e42d1d0a8
python3-debugsource-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: b6fda60f34b75806968795b7f5592ad09625fe23d4dedb38b22b1ee6a204b7b4
python3-debugsource-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: b6fda60f34b75806968795b7f5592ad09625fe23d4dedb38b22b1ee6a204b7b4
python3-idle-3.6.8-51.el8_8.10.i686.rpm	SHA-256: d90e94fbab2fd3cfdb2351d2947d6da24b044dc8301ca6ac73a6cd7b091b3540
python3-idle-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 91335b43171d606d1162ad51df1822dc4c4af445960c9da12696b256b213893a
python3-libs-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 2295051903e933f8561b7b03593e57db53b2b64d5f406fac3b3baec89da548b1
python3-libs-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 5ff2a4af495efefb28912e0962a2c73ef54403ee2e89fe19d15e51d4cc33c328
python3-test-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 93244466236fb381c910e7cdc4563ad2a7d3eb50526153a9bc80c49f40f87db3
python3-test-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 9b1c142739cbc658a420a30a5ee80771add08d8d75baf7bca621cb3c9472e905
python3-tkinter-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 00c5584fc3819d97a5d6148bfd9d794369888e2fcbf4894a7d1760c110010086
python3-tkinter-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 6ccf1315d08c263d26fa42d2c792863e4298079b2ad96dc0e81c265bbc36a0d6

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
python3-3.6.8-51.el8_8.10.src.rpm	SHA-256: 9404790d486d8c8fc710557b6f03d51e1cf8becf95a6039bb9c688c58b73d471
x86_64
platform-python-3.6.8-51.el8_8.10.i686.rpm	SHA-256: e43cfe52765b5b116524164b37a57649389039aa557ec6a828466c871b4a88f9
platform-python-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 5f7e9a9e3321f9dda61eaea962ffdb00e3b0a91e51adf9b98920a3b117d70ea0
platform-python-debug-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 8e49f75d64dc7fc7364f4df2a88e96834c3c2c52edb7d67ae7a5ce1822c98dfe
platform-python-debug-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 98310e714be65e955f05cd7ce32786da97596e8b3ccce56f36a0974f90e614ab
platform-python-devel-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 43abd29b07d56e5a0acf1b592e60813f0f6b944394d60c2d7415d555354b2e41
platform-python-devel-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 839161433def08fd30a2b6736d52d59f9f984900264bf280e82d8a520277482b
python3-debuginfo-3.6.8-51.el8_8.10.i686.rpm	SHA-256: fb77d87375dd91c7583473e69234e7516a46e23b169431e726a5322e67bd31d0
python3-debuginfo-3.6.8-51.el8_8.10.i686.rpm	SHA-256: fb77d87375dd91c7583473e69234e7516a46e23b169431e726a5322e67bd31d0
python3-debuginfo-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 1f1b9e5b7ab7643d5120562a507cefa60730885cd18716e0ac5ff9acd73580eb
python3-debuginfo-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 1f1b9e5b7ab7643d5120562a507cefa60730885cd18716e0ac5ff9acd73580eb
python3-debugsource-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 0ec9b569f22c8af0be730108ece3412bb3b39a3d55ac66d6a8a0156e42d1d0a8
python3-debugsource-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 0ec9b569f22c8af0be730108ece3412bb3b39a3d55ac66d6a8a0156e42d1d0a8
python3-debugsource-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: b6fda60f34b75806968795b7f5592ad09625fe23d4dedb38b22b1ee6a204b7b4
python3-debugsource-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: b6fda60f34b75806968795b7f5592ad09625fe23d4dedb38b22b1ee6a204b7b4
python3-idle-3.6.8-51.el8_8.10.i686.rpm	SHA-256: d90e94fbab2fd3cfdb2351d2947d6da24b044dc8301ca6ac73a6cd7b091b3540
python3-idle-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 91335b43171d606d1162ad51df1822dc4c4af445960c9da12696b256b213893a
python3-libs-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 2295051903e933f8561b7b03593e57db53b2b64d5f406fac3b3baec89da548b1
python3-libs-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 5ff2a4af495efefb28912e0962a2c73ef54403ee2e89fe19d15e51d4cc33c328
python3-test-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 93244466236fb381c910e7cdc4563ad2a7d3eb50526153a9bc80c49f40f87db3
python3-test-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 9b1c142739cbc658a420a30a5ee80771add08d8d75baf7bca621cb3c9472e905
python3-tkinter-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 00c5584fc3819d97a5d6148bfd9d794369888e2fcbf4894a7d1760c110010086
python3-tkinter-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 6ccf1315d08c263d26fa42d2c792863e4298079b2ad96dc0e81c265bbc36a0d6

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
python3-3.6.8-51.el8_8.10.src.rpm	SHA-256: 9404790d486d8c8fc710557b6f03d51e1cf8becf95a6039bb9c688c58b73d471
ppc64le
platform-python-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 0e394c139c40cf79d1a04396784a05a28c6b9d89ed9c0fb2056f23ddbbd09cce
platform-python-debug-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 2a5177c39ca39b5419370c88d61d0ea731b7d53c5808118cf98873223405516f
platform-python-devel-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 08a31a6b47187519c5405c21cc9e2a2b1eab6c2f2bf273aced112cbc7f136b93
python3-debuginfo-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 845ded8fb31cde891e6d89658790e1f9719a71052f830349694443c66bc1459b
python3-debuginfo-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 845ded8fb31cde891e6d89658790e1f9719a71052f830349694443c66bc1459b
python3-debugsource-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 364db93d9f228b0965b675eb7ebfb189276e6f85a4de21f73cce847ef3195381
python3-debugsource-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 364db93d9f228b0965b675eb7ebfb189276e6f85a4de21f73cce847ef3195381
python3-idle-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: c800a23aacb72680e3a37941b8fd982ff209210d0e2f89055ab9800c57d73848
python3-libs-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: 87adb3443550c670380b0d5301b7c9f0a19adba503c5168b4c30406316a7eb1a
python3-test-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: ba1cde3e0de95287cc85b993f458a44f4129e919a6f8a9041f2299d4781f2ed3
python3-tkinter-3.6.8-51.el8_8.10.ppc64le.rpm	SHA-256: dba531747ef6a7e1f99a88e406bc80ba06c1107b5da3da7625ab109074ce1356

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
python3-3.6.8-51.el8_8.10.src.rpm	SHA-256: 9404790d486d8c8fc710557b6f03d51e1cf8becf95a6039bb9c688c58b73d471
x86_64
platform-python-3.6.8-51.el8_8.10.i686.rpm	SHA-256: e43cfe52765b5b116524164b37a57649389039aa557ec6a828466c871b4a88f9
platform-python-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 5f7e9a9e3321f9dda61eaea962ffdb00e3b0a91e51adf9b98920a3b117d70ea0
platform-python-debug-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 8e49f75d64dc7fc7364f4df2a88e96834c3c2c52edb7d67ae7a5ce1822c98dfe
platform-python-debug-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 98310e714be65e955f05cd7ce32786da97596e8b3ccce56f36a0974f90e614ab
platform-python-devel-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 43abd29b07d56e5a0acf1b592e60813f0f6b944394d60c2d7415d555354b2e41
platform-python-devel-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 839161433def08fd30a2b6736d52d59f9f984900264bf280e82d8a520277482b
python3-debuginfo-3.6.8-51.el8_8.10.i686.rpm	SHA-256: fb77d87375dd91c7583473e69234e7516a46e23b169431e726a5322e67bd31d0
python3-debuginfo-3.6.8-51.el8_8.10.i686.rpm	SHA-256: fb77d87375dd91c7583473e69234e7516a46e23b169431e726a5322e67bd31d0
python3-debuginfo-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 1f1b9e5b7ab7643d5120562a507cefa60730885cd18716e0ac5ff9acd73580eb
python3-debuginfo-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 1f1b9e5b7ab7643d5120562a507cefa60730885cd18716e0ac5ff9acd73580eb
python3-debugsource-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 0ec9b569f22c8af0be730108ece3412bb3b39a3d55ac66d6a8a0156e42d1d0a8
python3-debugsource-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 0ec9b569f22c8af0be730108ece3412bb3b39a3d55ac66d6a8a0156e42d1d0a8
python3-debugsource-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: b6fda60f34b75806968795b7f5592ad09625fe23d4dedb38b22b1ee6a204b7b4
python3-debugsource-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: b6fda60f34b75806968795b7f5592ad09625fe23d4dedb38b22b1ee6a204b7b4
python3-idle-3.6.8-51.el8_8.10.i686.rpm	SHA-256: d90e94fbab2fd3cfdb2351d2947d6da24b044dc8301ca6ac73a6cd7b091b3540
python3-idle-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 91335b43171d606d1162ad51df1822dc4c4af445960c9da12696b256b213893a
python3-libs-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 2295051903e933f8561b7b03593e57db53b2b64d5f406fac3b3baec89da548b1
python3-libs-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 5ff2a4af495efefb28912e0962a2c73ef54403ee2e89fe19d15e51d4cc33c328
python3-test-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 93244466236fb381c910e7cdc4563ad2a7d3eb50526153a9bc80c49f40f87db3
python3-test-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 9b1c142739cbc658a420a30a5ee80771add08d8d75baf7bca621cb3c9472e905
python3-tkinter-3.6.8-51.el8_8.10.i686.rpm	SHA-256: 00c5584fc3819d97a5d6148bfd9d794369888e2fcbf4894a7d1760c110010086
python3-tkinter-3.6.8-51.el8_8.10.x86_64.rpm	SHA-256: 6ccf1315d08c263d26fa42d2c792863e4298079b2ad96dc0e81c265bbc36a0d6

Red Hat 安全团队联络方式为 secalert@redhat.com。更多联络细节请参考 https://access.redhat.com/security/team/contact/。

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

RHSA-2025:10602 - Security Advisory

概述

类型/严重性

Red Hat Lightspeed patch analysis

标题

描述

解决方案

受影响的产品

修复

CVE

参考

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

Red Hat Enterprise Linux Server - TUS 8.8

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

Quick Links

Help

Site Info

Related Sites

Red Hat legal and privacy links

Red Hat legal and privacy links