{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/advisories/2025/clsa-2025_1763033941.json"
      },
      {
        "category": "self",
        "summary": "Advisory release page for CLSA-2025:1763033941",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763033941"
      }
    ],
    "tracking": {
      "current_release_date": "2025-11-13T11:39:38Z",
      "generator": {
        "date": "2025-11-13T11:39:38Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1763033941",
      "initial_release_date": "2025-11-13T11:39:38Z",
      "revision_history": [
        {
          "date": "2025-11-13T11:39:38Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "python: Fix of CVE-2025-8194"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux 7",
                "product": {
                  "name": "Red Hat Enterprise Linux 7",
                  "product_id": "Red-Hat-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-tools@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-debug@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/tkinter@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-devel@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-libs@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-test@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                "product": {
                  "name": "python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_id": "python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686",
                "product": {
                  "name": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686",
                  "product_id": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-libs@2.7.5-94.0.1.el7_9.tuxcare.els2?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686"
        },
        "product_reference": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        },
        "product_reference": "python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-8194",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition ('Infinite Loop')"
      },
      "notes": [
        {
          "category": "description",
          "text": "There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.\nThis vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red-Hat-7:python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
          "Red-Hat-7:python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
          "Red-Hat-7:python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
          "Red-Hat-7:python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686",
          "Red-Hat-7:python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
          "Red-Hat-7:python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
          "Red-Hat-7:python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
          "Red-Hat-7:tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-8194"
        }
      ],
      "release_date": "2025-07-28T18:42:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red-Hat-7:python-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
            "Red-Hat-7:python-debug-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
            "Red-Hat-7:python-devel-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
            "Red-Hat-7:python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.i686",
            "Red-Hat-7:python-libs-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
            "Red-Hat-7:python-test-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
            "Red-Hat-7:python-tools-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64",
            "Red-Hat-7:tkinter-0:2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}