Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE Linux 16.0 Python313 Important Security Advisory 2026-21178-1

suse
Calendar Grey April 21, 2026
Dist Suse Esm H88
Critical security update for python313 on SUSE fixes seven issues, addresses validation bypass risks, and improves overall security.
An update that solves seven vulnerabilities and contains one feature can now be installed.

Summary

## This update for python313 fixes the following issues: Update to version 3.13.13. * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the

References

* bsc#1257181

* bsc#1259240

* bsc#1259611

* bsc#1259734

* bsc#1259735

* bsc#1259989

* bsc#1260026

* jsc#PED-15850

Cross-

* CVE-2025-13462

* CVE-2026-1299

* CVE-2026-2297

* CVE-2026-3479

* CVE-2026-3644

* CVE-2026-4224

* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-13462 ( NVD ): 2.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-1299 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21178-1
Release Date: 2026-04-13T09:41:21Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.