红帽产品勘误 RHSA-2025:9918 - Security Advisory
发布:
2025-06-30
已更新:
2025-06-30

RHSA-2025:9918 - Security Advisory

概述

Important: python3.11 security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
  • cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)
  • cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
  • python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
  • cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

修复

  • BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
  • BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
  • BZ - 2370014 - CVE-2025-4330 cpython: Extraction filter bypass for linking outside extraction directory
  • BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
  • BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
x86_64
python3.11-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 18cdbf7536c4088427443918db4642020ee39788be5b1cdb9a1c8ebe1b8f9750
python3.11-debuginfo-3.11.7-1.el9_4.8.i686.rpm SHA-256: c721b00b3720de045d3f564e30be97d81cf2c123ec85c563df9237434feb0dc6
python3.11-debuginfo-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b6d2e70f5a509caa270bc5ef1079b116851df7b6efd2bf028809296e3eb261a7
python3.11-debugsource-3.11.7-1.el9_4.8.i686.rpm SHA-256: 8ead201e0c9ceed25c7fd8b5a35d633b6f90acbba8751e73e72ab2546af8ffeb
python3.11-debugsource-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d918c8034d0445b516888e08a728765bd1f5ec6374ea5e841806d4ebe571a35f
python3.11-devel-3.11.7-1.el9_4.8.i686.rpm SHA-256: 934612b782757cbb79e49831ba481a8a03a5920b1da43d863ec9965daf091e83
python3.11-devel-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 933f70874924fa04dab916d0c5a731283199130327f17c2bba9e8dde84802246
python3.11-libs-3.11.7-1.el9_4.8.i686.rpm SHA-256: 84ed4bfe328d2f459d9c66230c8c62190c7db0fa5c1d141972455471bca44cc4
python3.11-libs-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b694a3ead1408f8bc2d9222af5991d4891d134b32ccd31a046b391869e37e78d
python3.11-tkinter-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d0013b40473ce8f649e949a77e92178a9a17cfa92561dce25417d04b58e42483

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
x86_64
python3.11-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 18cdbf7536c4088427443918db4642020ee39788be5b1cdb9a1c8ebe1b8f9750
python3.11-debuginfo-3.11.7-1.el9_4.8.i686.rpm SHA-256: c721b00b3720de045d3f564e30be97d81cf2c123ec85c563df9237434feb0dc6
python3.11-debuginfo-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b6d2e70f5a509caa270bc5ef1079b116851df7b6efd2bf028809296e3eb261a7
python3.11-debugsource-3.11.7-1.el9_4.8.i686.rpm SHA-256: 8ead201e0c9ceed25c7fd8b5a35d633b6f90acbba8751e73e72ab2546af8ffeb
python3.11-debugsource-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d918c8034d0445b516888e08a728765bd1f5ec6374ea5e841806d4ebe571a35f
python3.11-devel-3.11.7-1.el9_4.8.i686.rpm SHA-256: 934612b782757cbb79e49831ba481a8a03a5920b1da43d863ec9965daf091e83
python3.11-devel-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 933f70874924fa04dab916d0c5a731283199130327f17c2bba9e8dde84802246
python3.11-libs-3.11.7-1.el9_4.8.i686.rpm SHA-256: 84ed4bfe328d2f459d9c66230c8c62190c7db0fa5c1d141972455471bca44cc4
python3.11-libs-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b694a3ead1408f8bc2d9222af5991d4891d134b32ccd31a046b391869e37e78d
python3.11-tkinter-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d0013b40473ce8f649e949a77e92178a9a17cfa92561dce25417d04b58e42483

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
s390x
python3.11-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 97054409c1307a381ef16ae47d56a191a26b22095d9b5ce3d7a4f945243c2ad8
python3.11-debuginfo-3.11.7-1.el9_4.8.s390x.rpm SHA-256: fc0b4653063ca4140e09b3c14b88bcc3e75cfe02a161e760e47eb8f00d41a974
python3.11-debugsource-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 4b9b409684d04a904b4c39f64f7a0e44f98ea6dc9f18fa9bc4c13119ae285d4b
python3.11-devel-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 056c026a148cd6556ea03cfdec877c65a8c5dc888a3506731573372c66932311
python3.11-libs-3.11.7-1.el9_4.8.s390x.rpm SHA-256: d077515a80ed06971262366abc6086fcf2b1313f0a695b41dc638299a7f4a77a
python3.11-tkinter-3.11.7-1.el9_4.8.s390x.rpm SHA-256: b42427aab2672b4dbdd1e39c0f6baf470ef5653d2a02416288faca18ba66d845

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
ppc64le
python3.11-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 4e479fe24a12a8d350c06db686d10bcbafbaf5e6e196abc3d8955bd025f9ca03
python3.11-debuginfo-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 39ac1f9195f556352ce359a3bde3219fcfb5957e4fb8b72da956ff976ce1ff1b
python3.11-debugsource-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 1f2135d2e462469ac32effffe6fcfc453b4334f598685bfead00ecf8c3a61134
python3.11-devel-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: d4bea13cc15daaf08d90d6599e9107b4229bf2dc1d98fa832da80b53655728ff
python3.11-libs-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 499305eb6008939e8dcb7622b95d30f7b8830f1c9691a9c1ba26cc900ea78734
python3.11-tkinter-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 469a1f6ac87e7a1d04b7ee3bc0bf5aee3961b9d91d599d118c1264bc98d37a9b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
aarch64
python3.11-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: e280d4bdfee2a8b1fcbfeb941b3abc0a6a135a73827a3a8ba6c64057b476266f
python3.11-debuginfo-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 3f05e0904656cae3fbf37421a8e9386167d9fd5dabbb67a3d775e5a25d3ed075
python3.11-debugsource-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: c620081df4a9d41297edba43579a69e3215168e0532811a6d882dedd3abf394a
python3.11-devel-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 860a8ec662f3dcb20b4bd0cddc8fed12889f9f6f516fa96ed8c7e0f96b8d5267
python3.11-libs-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: d864503b22737c19078854726b263364b9d4bd0a610df1abdbe7f6dfb5cdc3a7
python3.11-tkinter-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 0a95705fb2ac5d895053c1321c799282b2f683bb2e9a949c463e12400f02c159

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
ppc64le
python3.11-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 4e479fe24a12a8d350c06db686d10bcbafbaf5e6e196abc3d8955bd025f9ca03
python3.11-debuginfo-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 39ac1f9195f556352ce359a3bde3219fcfb5957e4fb8b72da956ff976ce1ff1b
python3.11-debugsource-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 1f2135d2e462469ac32effffe6fcfc453b4334f598685bfead00ecf8c3a61134
python3.11-devel-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: d4bea13cc15daaf08d90d6599e9107b4229bf2dc1d98fa832da80b53655728ff
python3.11-libs-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 499305eb6008939e8dcb7622b95d30f7b8830f1c9691a9c1ba26cc900ea78734
python3.11-tkinter-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 469a1f6ac87e7a1d04b7ee3bc0bf5aee3961b9d91d599d118c1264bc98d37a9b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
x86_64
python3.11-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 18cdbf7536c4088427443918db4642020ee39788be5b1cdb9a1c8ebe1b8f9750
python3.11-debuginfo-3.11.7-1.el9_4.8.i686.rpm SHA-256: c721b00b3720de045d3f564e30be97d81cf2c123ec85c563df9237434feb0dc6
python3.11-debuginfo-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b6d2e70f5a509caa270bc5ef1079b116851df7b6efd2bf028809296e3eb261a7
python3.11-debugsource-3.11.7-1.el9_4.8.i686.rpm SHA-256: 8ead201e0c9ceed25c7fd8b5a35d633b6f90acbba8751e73e72ab2546af8ffeb
python3.11-debugsource-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d918c8034d0445b516888e08a728765bd1f5ec6374ea5e841806d4ebe571a35f
python3.11-devel-3.11.7-1.el9_4.8.i686.rpm SHA-256: 934612b782757cbb79e49831ba481a8a03a5920b1da43d863ec9965daf091e83
python3.11-devel-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 933f70874924fa04dab916d0c5a731283199130327f17c2bba9e8dde84802246
python3.11-libs-3.11.7-1.el9_4.8.i686.rpm SHA-256: 84ed4bfe328d2f459d9c66230c8c62190c7db0fa5c1d141972455471bca44cc4
python3.11-libs-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b694a3ead1408f8bc2d9222af5991d4891d134b32ccd31a046b391869e37e78d
python3.11-tkinter-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d0013b40473ce8f649e949a77e92178a9a17cfa92561dce25417d04b58e42483

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4

SRPM
x86_64
python3.11-3.11.7-1.el9_4.8.i686.rpm SHA-256: 16f05404e556e869466eea7fb44f92d970617690801a9cd193287db33779def3
python3.11-debug-3.11.7-1.el9_4.8.i686.rpm SHA-256: 80ef9a4df555f664c9de6c800861982537e8d4802a75c22d66373fb45dd0e48d
python3.11-debug-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d99fb5b46a37c6de1e0bd6883c342aa417787c3f08268092514baf0d58634ea9
python3.11-debuginfo-3.11.7-1.el9_4.8.i686.rpm SHA-256: c721b00b3720de045d3f564e30be97d81cf2c123ec85c563df9237434feb0dc6
python3.11-debuginfo-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: b6d2e70f5a509caa270bc5ef1079b116851df7b6efd2bf028809296e3eb261a7
python3.11-debugsource-3.11.7-1.el9_4.8.i686.rpm SHA-256: 8ead201e0c9ceed25c7fd8b5a35d633b6f90acbba8751e73e72ab2546af8ffeb
python3.11-debugsource-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: d918c8034d0445b516888e08a728765bd1f5ec6374ea5e841806d4ebe571a35f
python3.11-idle-3.11.7-1.el9_4.8.i686.rpm SHA-256: a1f79cedeaacf646ba510a9466cca33892a4c0225769051278300d3f099a79d8
python3.11-idle-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: 69453ac97cd1912efb19557055b485f84c4fd12605fd2a21b8a6dad78e92fd9a
python3.11-test-3.11.7-1.el9_4.8.i686.rpm SHA-256: f78236c75d1ee3d3de55cc8e216e70ad9eceda0f017a5c186232144baf2e669c
python3.11-test-3.11.7-1.el9_4.8.x86_64.rpm SHA-256: ee6ecf0c0eb5f38e5bc51d67fc2128b0c7341f518d7f3ab34f73a8c545a68010
python3.11-tkinter-3.11.7-1.el9_4.8.i686.rpm SHA-256: a2fd21fd7fa8b6fb6a678b18ca3a37a2eb5e7f6d33009dd710a4a00720de8353

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4

SRPM
ppc64le
python3.11-debug-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: b0b2dff2ea8f0768924f442ca3384f0b767245b053abc40ad6305271a6a0053d
python3.11-debuginfo-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 39ac1f9195f556352ce359a3bde3219fcfb5957e4fb8b72da956ff976ce1ff1b
python3.11-debugsource-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 1f2135d2e462469ac32effffe6fcfc453b4334f598685bfead00ecf8c3a61134
python3.11-idle-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 6f93fd1e02acbc2bfed23d21a9ece5334a9d929de7276bfded15d65582ddd600
python3.11-test-3.11.7-1.el9_4.8.ppc64le.rpm SHA-256: 1f64b6dd93ceaf99f1fb55c37e3e49b7344f634083f9f196a1254a22357b6d9d

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4

SRPM
s390x
python3.11-debug-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 68359629937a67ab6d14161e39d9658fc973c067639194d88706379bd500bf21
python3.11-debuginfo-3.11.7-1.el9_4.8.s390x.rpm SHA-256: fc0b4653063ca4140e09b3c14b88bcc3e75cfe02a161e760e47eb8f00d41a974
python3.11-debugsource-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 4b9b409684d04a904b4c39f64f7a0e44f98ea6dc9f18fa9bc4c13119ae285d4b
python3.11-idle-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 8baac30fbd12736f7f038c87e6f03a80ac6be676e0bec10fc543522478636b13
python3.11-test-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 6aacc9b7b2c171434282960f7a719607965c98d1d53cca7721221f054acf631b

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4

SRPM
aarch64
python3.11-debug-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 08b4cc9498a56e72d13cd7ca7ca1c2a48770c9d8902fe0743c1e491ae0683b6d
python3.11-debuginfo-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 3f05e0904656cae3fbf37421a8e9386167d9fd5dabbb67a3d775e5a25d3ed075
python3.11-debugsource-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: c620081df4a9d41297edba43579a69e3215168e0532811a6d882dedd3abf394a
python3.11-idle-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: cb542deb0eea1814c093db6e1a9b6a86c5cc755d6983739d303955be3e3bbebf
python3.11-test-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 559427ce6a8074b9157eda15f2b360eadad68e618e2c2c4708183bf986c850ee

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
aarch64
python3.11-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: e280d4bdfee2a8b1fcbfeb941b3abc0a6a135a73827a3a8ba6c64057b476266f
python3.11-debuginfo-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 3f05e0904656cae3fbf37421a8e9386167d9fd5dabbb67a3d775e5a25d3ed075
python3.11-debugsource-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: c620081df4a9d41297edba43579a69e3215168e0532811a6d882dedd3abf394a
python3.11-devel-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 860a8ec662f3dcb20b4bd0cddc8fed12889f9f6f516fa96ed8c7e0f96b8d5267
python3.11-libs-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: d864503b22737c19078854726b263364b9d4bd0a610df1abdbe7f6dfb5cdc3a7
python3.11-tkinter-3.11.7-1.el9_4.8.aarch64.rpm SHA-256: 0a95705fb2ac5d895053c1321c799282b2f683bb2e9a949c463e12400f02c159

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
python3.11-3.11.7-1.el9_4.8.src.rpm SHA-256: d5828cd81525c2753b9674a940a97361c682595dab50ce4f1c522c115bd76897
s390x
python3.11-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 97054409c1307a381ef16ae47d56a191a26b22095d9b5ce3d7a4f945243c2ad8
python3.11-debuginfo-3.11.7-1.el9_4.8.s390x.rpm SHA-256: fc0b4653063ca4140e09b3c14b88bcc3e75cfe02a161e760e47eb8f00d41a974
python3.11-debugsource-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 4b9b409684d04a904b4c39f64f7a0e44f98ea6dc9f18fa9bc4c13119ae285d4b
python3.11-devel-3.11.7-1.el9_4.8.s390x.rpm SHA-256: 056c026a148cd6556ea03cfdec877c65a8c5dc888a3506731573372c66932311
python3.11-libs-3.11.7-1.el9_4.8.s390x.rpm SHA-256: d077515a80ed06971262366abc6086fcf2b1313f0a695b41dc638299a7f4a77a
python3.11-tkinter-3.11.7-1.el9_4.8.s390x.rpm SHA-256: b42427aab2672b4dbdd1e39c0f6baf470ef5653d2a02416288faca18ba66d845

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/