Amazon Linux 2023 Security Advisory: ALAS2023-2025-1308
Advisory Released Date: 2025-12-08
Advisory Updated Date: 2025-12-08
Severity:
Low
Issue Overview:
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables. (CVE-2025-6075)
Affected Packages:
python3.13
Issue Correction:
Run dnf update python3.13 --releasever 2023.9.20251208 or dnf update --advisory ALAS2023-2025-1308 --releasever 2023.9.20251208 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
python3.13-tkinter-3.13.3-3.amzn2023.0.8.aarch64
python3.13-devel-3.13.3-3.amzn2023.0.8.aarch64
python3.13-idle-3.13.3-3.amzn2023.0.8.aarch64
python3.13-3.13.3-3.amzn2023.0.8.aarch64
python3.13-freethreading-debug-3.13.3-3.amzn2023.0.8.aarch64
python3.13-debugsource-3.13.3-3.amzn2023.0.8.aarch64
python3.13-debug-3.13.3-3.amzn2023.0.8.aarch64
python3.13-debuginfo-3.13.3-3.amzn2023.0.8.aarch64
python3.13-libs-3.13.3-3.amzn2023.0.8.aarch64
python3.13-test-3.13.3-3.amzn2023.0.8.aarch64
python3.13-freethreading-3.13.3-3.amzn2023.0.8.aarch64
src:
python3.13-3.13.3-3.amzn2023.0.8.src
x86_64:
python3.13-tkinter-3.13.3-3.amzn2023.0.8.x86_64
python3.13-3.13.3-3.amzn2023.0.8.x86_64
python3.13-devel-3.13.3-3.amzn2023.0.8.x86_64
python3.13-idle-3.13.3-3.amzn2023.0.8.x86_64
python3.13-debug-3.13.3-3.amzn2023.0.8.x86_64
python3.13-debugsource-3.13.3-3.amzn2023.0.8.x86_64
python3.13-libs-3.13.3-3.amzn2023.0.8.x86_64
python3.13-debuginfo-3.13.3-3.amzn2023.0.8.x86_64
python3.13-test-3.13.3-3.amzn2023.0.8.x86_64
python3.13-freethreading-3.13.3-3.amzn2023.0.8.x86_64
python3.13-freethreading-debug-3.13.3-3.amzn2023.0.8.x86_64