Critical: kusanagi-python312 Security Update

Security Advisory

Synopsis

Issued 2025-06-13
Severity Critical
Updated Packages kusanagi-python312
Affected Products KUSANAGI 9, Business Edition, Page Speed Technology

Description

An update for kusanagi-php81 is now available.

Security fix(es):

  • Fixed  (cpython: Bypass extraction filter to modify file metadata outside extraction directory). (CVE-2024-12718)
  • Fixed  (cpython: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory). (CVE-2025-4138)
  • Fixed  (cpython: Extraction filter bypass for linking outside extraction directory). (CVE-2025-4330)
  • Fixed  (cpython: Arbitrary writes via tarfile realpath overflow). (CVE-2025-4517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE information may not yet be available on those websites.

References

Updated packages listed below

This product uses the NVD API but is not endorsed or certified by the NVD.

kusanagi-php81 Module Update 8.1.32-3

kusanagi-python Module Update 3.9.23-1

KUSANAGI Open Source Licenses | KUSANAGI Business Edition, Premium Edition, Security Edition End-User License Agreement

KUSANAGI Logo and Mascots | Privacy Policy | Vulnerability Disclosure Policy | Contact US

© 2015 - 2025 Prime Strategy Co., Ltd. All rights reserved

KUSANAGI
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.