OESA-2026-1052

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1052

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1052.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-1052

Upstream

CVE-2025-12084

CVE-2025-13836

CVE-2025-13837

Published

2026-01-16T11:57:08Z

Modified

2026-01-16T12:30:16.215871Z

Summary

python3 security update

Details

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.

Security Fix(es):

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on clearid_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.(CVE-2025-12084)

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.(CVE-2025-13836)

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues(CVE-2025-13837)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / python3

Package

Name: python3
Purl: pkg:rpm/openEuler/python3&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.7.9-50.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "python3-3.7.9-50.oe2003sp4.x86_64.rpm",
        "python3-debug-3.7.9-50.oe2003sp4.x86_64.rpm",
        "python3-debuginfo-3.7.9-50.oe2003sp4.x86_64.rpm",
        "python3-debugsource-3.7.9-50.oe2003sp4.x86_64.rpm",
        "python3-devel-3.7.9-50.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "python3-3.7.9-50.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "python3-help-3.7.9-50.oe2003sp4.noarch.rpm"
    ],
    "aarch64": [
        "python3-3.7.9-50.oe2003sp4.aarch64.rpm",
        "python3-debug-3.7.9-50.oe2003sp4.aarch64.rpm",
        "python3-debuginfo-3.7.9-50.oe2003sp4.aarch64.rpm",
        "python3-debugsource-3.7.9-50.oe2003sp4.aarch64.rpm",
        "python3-devel-3.7.9-50.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1052.json"