SUSE-SU-2026:1376-1

UNKNOWN

Security update for python310

Published Apr 15, 2026

Modified 3 days ago

Fix available

Details

This update for python310 fixes the following issues:

CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
CVE-2026-3479: improper resource argument validation in pkgutil.get_data() can lead to path traversal (bsc#1259989).
CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
CVE-2026-4519: failure to sanitize leading dashes in URLs in the webbrowser.open() API can lead to web browser command line option injection (bsc#1260026).

Affected Packages(17 packages)

libpython3_10-1_0

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4openSUSE Leap 15.6

Fixed in:

3.10.20-150400.4.107.1

python310

Fixed in:

3.10.20-150400.4.107.1

python310-base

Fixed in:

3.10.20-150400.4.107.1

python310-core

Fixed in:

3.10.20-150400.4.107.1

python310-curses