Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:9918 https://access.redhat.com/errata/RHSA-2025:9918
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:10026 https://access.redhat.com/errata/RHSA-2025:10026
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:10028 https://access.redhat.com/errata/RHSA-2025:10028
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:10031 https://access.redhat.com/errata/RHSA-2025:10031
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:10128 https://access.redhat.com/errata/RHSA-2025:10128
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:10136 https://access.redhat.com/errata/RHSA-2025:10136
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:10140 https://access.redhat.com/errata/RHSA-2025:10140
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:10148 https://access.redhat.com/errata/RHSA-2025:10148
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:10189 https://access.redhat.com/errata/RHSA-2025:10189
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:10399 https://access.redhat.com/errata/RHSA-2025:10399
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION Via RHSA-2025:10484 https://access.redhat.com/errata/RHSA-2025:10484
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION Via RHSA-2025:10602 https://access.redhat.com/errata/RHSA-2025:10602
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2025:11386 https://access.redhat.com/errata/RHSA-2025:11386