Explore top 10 tips to secure your open-source projects now. Read More
×
This update for python311 fixes the following issues
* CVE-2026-1502: CR/LF bytes not rejected by HTTP client proxy tunnel headers
or host (bsc#1261969).
* CVE-2026-4786: URLs containing `%action` can bypass mitigation that allows
command injection via the `webbrowser.open()` API (bsc#1262319).
* CVE-2026-6019: HTML parser-sensitive sequence not neutralized by
`http.cookies.Morsel.js_output()` (bsc#1262654).
* CVE-2026-6100: use-after-free in decompression modules when a memory
allocation fails with a `MemoryError` and the decompression instance is re-
used (bsc#1262098).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-3104=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3104=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3104=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3104=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3104=1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpython3_11-1_0-64bit-3.11.15-150600.3.59.3
* python311-base-64bit-debuginfo-3.11.15-150600.3.59.3
* python311-64bit-3.11.15-150600.3.59.3
* python311-base-64bit-3.11.15-150600.3.59.3
* libpython3_11-1_0-64bit-debuginfo-3.11.15-150600.3.59.3
* python311-64bit-debuginfo-3.11.15-150600.3.59.3
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* python311-doc-devhelp-3.11.15-150600.3.59.1
* python311-3.11.15-150600.3.59.3
* python311-curses-3.11.15-150600.3.59.3
* python311-core-debugsource-3.11.15-150600.3.59.3
* python311-tk-debuginfo-3.11.15-150600.3.59.3
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3
* python311-testsuite-3.11.15-150600.3.59.3
* python311-dbm-debuginfo-3.11.15-150600.3.59.3
* python311-dbm-3.11.15-150600.3.59.3
* python311-testsuite-debuginfo-3.11.15-150600.3.59.3
* python311-base-3.11.15-150600.3.59.3
* python311-curses-debuginfo-3.11.15-150600.3.59.3
* libpython3_11-1_0-3.11.15-150600.3.59.3
*...
Read the Full Advisory* bsc#1261969
* bsc#1262098
* bsc#1262319
* bsc#1262654
## References:
* https://www.suse.com/security/cve/CVE-2026-1502.html
* https://www.suse.com/security/cve/CVE-2026-4786.html
* https://www.suse.com/security/cve/CVE-2026-6019.html
* https://www.suse.com/security/cve/CVE-2026-6100.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261969
* https://bugzilla.suse.com/show_bug.cgi?id=1262098
* https://bugzilla.suse.com/show_bug.cgi?id=1262319
* https://bugzilla.suse.com/show_bug.cgi?id=1262654
Get the latest Linux and open source security news straight to your inbox.