Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

SUSE 2026 Python311 Critical Security Update 2026-1530-1 Released

suse
Calendar Grey April 21, 2026
Dist Suse Esm H88
Update for python311 resolves five critical issues, enhancing security and stability on SUSE systems. Install now for safety.
An update that solves five vulnerabilities can now be installed.

Summary

## This update for python311 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1259611

* bsc#1259734

* bsc#1259735

* bsc#1259989

* bsc#1260026

Cross-

* CVE-2025-13462

* CVE-2026-3479

* CVE-2026-3644

* CVE-2026-4224

* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-13462 ( NVD ): 2.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-3479 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-3479 ( NVD ): 0.0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1530-1
Release Date: 2026-04-21T11:04:59Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.