An update for python3 is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1053 Final 1.0 1.0 2026-01-16 Initial 2026-01-16 2026-01-16 openEuler SA Tool V1.0 2026-01-16 python3 security update An update for python3 is now available for openEuler-22.03-LTS-SP3 Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces. Security Fix(es): When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.(CVE-2025-12084) When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.(CVE-2025-13836) When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues(CVE-2025-13837) An update for python3 is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium python3 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1053 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12084 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-13836 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-13837 https://nvd.nist.gov/vuln/detail/CVE-2025-12084 https://nvd.nist.gov/vuln/detail/CVE-2025-13836 https://nvd.nist.gov/vuln/detail/CVE-2025-13837 openEuler-22.03-LTS-SP3 python3-3.9.9-46.oe2203sp3.aarch64.rpm python3-debug-3.9.9-46.oe2203sp3.aarch64.rpm python3-debuginfo-3.9.9-46.oe2203sp3.aarch64.rpm python3-debugsource-3.9.9-46.oe2203sp3.aarch64.rpm python3-devel-3.9.9-46.oe2203sp3.aarch64.rpm python3-unversioned-command-3.9.9-46.oe2203sp3.aarch64.rpm python3-3.9.9-46.oe2203sp3.src.rpm python3-3.9.9-46.oe2203sp3.x86_64.rpm python3-debug-3.9.9-46.oe2203sp3.x86_64.rpm python3-debuginfo-3.9.9-46.oe2203sp3.x86_64.rpm python3-debugsource-3.9.9-46.oe2203sp3.x86_64.rpm python3-devel-3.9.9-46.oe2203sp3.x86_64.rpm python3-unversioned-command-3.9.9-46.oe2203sp3.x86_64.rpm python3-help-3.9.9-46.oe2203sp3.noarch.rpm When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents. 2026-01-16 CVE-2025-12084 openEuler-22.03-LTS-SP3 Medium 6.3 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N python3 security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1053 When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS. 2026-01-16 CVE-2025-13836 openEuler-22.03-LTS-SP3 Medium 6.8 AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H python3 security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1053 When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues 2026-01-16 CVE-2025-13837 openEuler-22.03-LTS-SP3 Medium 5.9 AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H python3 security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1053