This update for python39 fixes the following issues:
Security issues fixed:
* CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF
(bsc#1261969).
* CVE-2026-3446: base64 decoding stops at first padded quad by default and
ignores other information that could be processed (bsc#1261970).
* CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()`
can lead to path traversal (bsc#1259989).
* CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety
check and allow for command injection (bsc#1262319).
* CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in
cookie values embedded in JS (bsc#1262654).
* CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`,
`bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is under memory
pressure(bsc#1262098).
Other updates and bugfixes:
* Rewrite structure of Python interpreter packages. `python3*` symbols should
be now...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1818=1
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-1818=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1818=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python39-dbm-3.9.25-150300.4.106.1
* python39-base-3.9.25-150300.4.106.1
* python39-3.9.25-150300.4.106.1
* libpython3_9-1_0-3.9.25-150300.4.106.1
* python39-curses-3.9.25-150300.4.106.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-dbm-3.9.25-150300.4.106.1
* python39-testsuite-3.9.25-150300.4.106.1
* python39-base-3.9.25-150300.4.106.1
* python39-tools-3.9.25-150300.4.106.1
* python39-curses-debuginfo-3.9.25-150300.4.106.1
* python39-core-debugsource-3.9.25-150300.4.106.1
* python39-debuginfo-3.9.25-150300.4.106.1
* python39-testsuite-debuginfo-3.9.25-150300.4.106.1
* python39-tk-debuginfo-3.9.25-150300.4.106.1
* python39-doc-3.9.25-150300.4.106.1
* python39-debugsource-3.9.25-150300.4.106.1
* python39-doc-devhelp-3.9.25-150300.4.106.1
* python39-idle-3.9.25-150300.4.106.1
* python39-dbm-debuginfo-3.9.25-150300.4.106.1
* python39-base-debuginfo-3.9.25-150300.4.106.1
* python39-3.9.25-150300.4.106.1
*...
Read the Full Advisory* bsc#1258364
* bsc#1259989
* bsc#1261969
* bsc#1261970
* bsc#1262098
* bsc#1262319
* bsc#1262654
## References:
* https://www.suse.com/security/cve/CVE-2026-1502.html
* https://www.suse.com/security/cve/CVE-2026-3446.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-4786.html
* https://www.suse.com/security/cve/CVE-2026-6019.html
* https://www.suse.com/security/cve/CVE-2026-6100.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258364
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1261969
* https://bugzilla.suse.com/show_bug.cgi?id=1261970
* https://bugzilla.suse.com/show_bug.cgi?id=1262098
* https://bugzilla.suse.com/show_bug.cgi?id=1262319
* https://bugzilla.suse.com/show_bug.cgi?id=1262654
Get the latest Linux and open source security news straight to your inbox.