Msrc Azl3 Python3 3.12.9-1 On Azure Linux 3.0 vulnerabilities

CVE-2025-4138 [HIGH] CWE-22 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2025-4330 [HIGH] CWE-22 Extraction filter bypass for linking outside extraction directory Extraction filter bypass for linking outside extraction directory FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2025-50181 [MEDIUM] CWE-601 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2025-4435 [HIGH] CWE-682 Tarfile extracts filtered members when errorlevel=0 Tarfile extracts filtered members when errorlevel=0 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-12718 [MEDIUM] CWE-22 Bypass extraction filter to modify file metadata outside extraction directory Bypass extraction filter to modify file metadata outside extraction directory FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versi

CVE-2025-47273 [HIGH] CWE-22 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it

CVE-2024-8176 [HIGH] CWE-674 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat Libexpat: expat: improper restriction of xml entity expansion depth in libexpat FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ver

CVE-2024-3220 [LOW] CWE-426 Default mimetype known files writeable on Windows Default mimetype known files writeable on Windows FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-9287 [MEDIUM] CWE-428 Virtual environment (venv) activation scripts don't quote paths Virtual environment (venv) activation scripts don't quote paths FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libra

CVE-2024-6345 [HIGH] CWE-94 Remote Code Execution in pypa/setuptools Remote Code Execution in pypa/setuptools FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft

CVE-2024-4032 [HIGH] CWE-697 Incorrect IPv4 and IPv6 private ranges Incorrect IPv4 and IPv6 private ranges FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is