Alerts This Week
Warning Icon 1 652
Alerts This Week
Warning Icon 1 652

SUSE Linux 12 SP5 Python 36 Significant Path Traversal C Stack Overflow

suse
Calendar Grey April 15, 2026
Dist Suse Esm H88
SUSE's python36 update addresses five vulnerabilities with an importance rating and patch instructions for installation.
An update that solves five vulnerabilities can now be installed.

Summary

## This update for python36 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory SuSE important path traversal python36 c stack overflow

References

* bsc#1259611

* bsc#1259734

* bsc#1259735

* bsc#1259989

* bsc#1260026

Cross-

* CVE-2025-13462

* CVE-2026-3479

* CVE-2026-3644

* CVE-2026-4224

* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-13462 ( NVD ): 2.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-3479 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2026-3479 ( NVD ): 0.0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1345-1
Release Date: 2026-04-15T12:04:29Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE important path traversal python36 c stack overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here