SUSE-SU-2026:2464-1

HIGH8.1

Security update for python313

Published Jun 19, 2026

Modified 3 days ago

Fix available

Details

Description of the patch:

This update for python313 fixes the following issues

Security issues:

CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970).
CVE-2026-4786: [oss-security][] CPython: Incomplete mitigation of , %action expansion for command injection to webbrowser.open() (bsc#1262319).
CVE-2026-6019: BaseCookie.js_output() does not neutralize characters in cookie values embedded in JS (bsc#1262654).
CVE-2026-6100: Arbitrary code execution or information disclosure via use-after-free in decompression modules (bsc#1262098).

Non security issue:

Add missing BR crypto-policies-scripts (need for the fix of bsc#1211301).

Affected Packages

libpython3_13-1_0

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-base

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-curses

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-dbm

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-devel

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-idle

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-tk

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

python313-tools

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Python 3 15 SP7SUSE Linux Enterprise Server 15 SP7SUSE Linux Enterprise Server for SAP Applications 15 SP7

Fixed in:

3.13.13-150700.4.50.1

References

https://bugzilla.suse.com/1211301

https://bugzilla.suse.com/1261969

https://bugzilla.suse.com/1261970

https://bugzilla.suse.com/1262098

https://bugzilla.suse.com/1262319

https://bugzilla.suse.com/1262654

https://bugzilla.suse.com/1263787

https://lists.suse.com/pipermail/sle-updates/2026-June/047442.html

https://www.suse.com/security/cve/CVE-2026-1502/

https://www.suse.com/security/cve/CVE-2026-3446/

https://www.suse.com/security/cve/CVE-2026-4786/

https://www.suse.com/security/cve/CVE-2026-6019/

https://www.suse.com/security/cve/CVE-2026-6100/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2026/suse-su-20262464-1/

CVSS Analysis

CVSS v3.1

8.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Upstream

CVE-2026-1502 CVE-2026-3446 CVE-2026-4786 CVE-2026-6019 CVE-2026-6100

Ecosystems

SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Python 3 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7

Timeline

PublishedJun 19, 2026

ModifiedJun 19, 2026

SUSE-SU-2026:2464-1 | Mondoo Vulnerability Intelligence