SUSE-SU-2026:1206-1

Details

This update for python fixes the following issues:

CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
CVE-2026-4519: failure to sanitize leading dashes in URLs in the webbrowser.open() API can lead to web browser command line option injection (bsc#1260026).

Affected Packages(15 packages)

libpython2_7-1_0

SUSE Linux Enterprise Module for Package Hub 15 SP7openSUSE Leap 15.6

Fixed in:

2.7.18-150000.111.1

python

SUSE Linux Enterprise Module for Package Hub 15 SP7openSUSE Leap 15.6

Fixed in:

2.7.18-150000.111.1

python-base

SUSE Linux Enterprise Module for Package Hub 15 SP7openSUSE Leap 15.6

Fixed in: