Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability and has one security fix can now be installed.. # Security update for python36 Announcement ID: SUSE-SU-2026:2655-1 Release Date: 2026-06-26T12:23:25Z Rating: moderate References: * bsc#1258364 * bsc#1261970 Cross-References: * CVE-2026-3446 CVSS scores: * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2655=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python36-3.6.15-111.1 * libpython3_6m1_0-32bit-3.6.15-111.1 * python36-base-debuginfo-3.6.15-111.1 * libpython3_6m1_0-3.6.15-111.1 * python36-base-3.6.15-111.1 * python36-debugsource-3.6.15-111.1 * python36-devel-3.6.15-111.1 * python36-debuginfo-3.6.15-111.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-111.1 * libpython3_6m1_0-debuginfo-3.6.15-111.1 ## References: *https://www.suse.com/security/cve/CVE-2026-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1258364 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 . A moderate security update for python36 is available to address CVE-2026-3446 affecting SUSE Linux Enterprise Server.. moderate update, security fix, python36 patch, SUSE advisory, CVE-2026-3446. . Severity: moderate. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for python36 Announcement ID: SUSE-SU-2026:1345-1 Release Date: 2026-04-15T12:04:29Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1345=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1345=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpython3_6m1_0-32bit-3.6.15-108.1 * python36-devel-3.6.15-108.1 *python36-debugsource-3.6.15-108.1 * python36-base-3.6.15-108.1 * libpython3_6m1_0-debuginfo-3.6.15-108.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-108.1 * python36-3.6.15-108.1 * python36-debuginfo-3.6.15-108.1 * python36-base-debuginfo-3.6.15-108.1 * libpython3_6m1_0-3.6.15-108.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python36-devel-3.6.15-108.1 * python36-debugsource-3.6.15-108.1 * python36-base-3.6.15-108.1 * libpython3_6m1_0-debuginfo-3.6.15-108.1 * python36-3.6.15-108.1 * python36-debuginfo-3.6.15-108.1 * python36-base-debuginfo-3.6.15-108.1 * libpython3_6m1_0-3.6.15-108.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpython3_6m1_0-32bit-3.6.15-108.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-108.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 . SUSE's python36 update addresses five vulnerabilities with an importance rating and patch instructions for installation.. SUSE Linux, python36, security update, vulnerabilities, patch instructions. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for python36 Announcement ID: SUSE-SU-2026:0884-1 Release Date: 2026-03-12T10:20:34Z Rating: important References: * bsc#1257181 Cross-References: * CVE-2026-1299 CVSS scores: * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-884=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-884=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-103.1 * python36-base-3.6.15-103.1 * python36-debugsource-3.6.15-103.1 * libpython3_6m1_0-3.6.15-103.1 * python36-3.6.15-103.1 * python36-base-debuginfo-3.6.15-103.1 *python36-debuginfo-3.6.15-103.1 * python36-devel-3.6.15-103.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpython3_6m1_0-debuginfo-32bit-3.6.15-103.1 * libpython3_6m1_0-32bit-3.6.15-103.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpython3_6m1_0-32bit-3.6.15-103.1 * libpython3_6m1_0-debuginfo-3.6.15-103.1 * python36-base-3.6.15-103.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-103.1 * python36-debugsource-3.6.15-103.1 * libpython3_6m1_0-3.6.15-103.1 * python36-3.6.15-103.1 * python36-base-debuginfo-3.6.15-103.1 * python36-debuginfo-3.6.15-103.1 * python36-devel-3.6.15-103.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1299.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 . Learn about the important security update for python36 addressing header injection issues on SUSE platforms.. SUSE Security Update, python36 Issues, Header Injection CVE, Important Security Advisory. . Severity: Important. LinuxSecurity.com Team
An update that solves six vulnerabilities can now be installed.. # Security update for python36 Announcement ID: SUSE-SU-2026:0612-1 Release Date: 2026-02-24T15:14:24Z Rating: important References: * bsc#1257029 * bsc#1257031 * bsc#1257041 * bsc#1257042 * bsc#1257044 * bsc#1257046 Cross-References: * CVE-2025-11468 * CVE-2025-15282 * CVE-2025-15366 * CVE-2025-15367 * CVE-2026-0672 * CVE-2026-0865 CVSS scores: * CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15366 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2025-15366 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15367 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2025-15367 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). * CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). * CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). * CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-612=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-612=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-100.1 * python36-3.6.15-100.1 * python36-debugsource-3.6.15-100.1 * python36-debuginfo-3.6.15-100.1 * python36-base-3.6.15-100.1 * python36-base-debuginfo-3.6.15-100.1 * python36-devel-3.6.15-100.1 * libpython3_6m1_0-3.6.15-100.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libpython3_6m1_0-debuginfo-32bit-3.6.15-100.1 * libpython3_6m1_0-32bit-3.6.15-100.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpython3_6m1_0-debuginfo-3.6.15-100.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-100.1 * python36-3.6.15-100.1 * python36-debugsource-3.6.15-100.1 * python36-debuginfo-3.6.15-100.1 * libpython3_6m1_0-32bit-3.6.15-100.1 * python36-base-3.6.15-100.1 * python36-base-debuginfo-3.6.15-100.1 * python36-devel-3.6.15-100.1 * libpython3_6m1_0-3.6.15-100.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11468.html * https://www.suse.com/security/cve/CVE-2025-15282.html * https://www.suse.com/security/cve/CVE-2025-15366.html * https://www.suse.com/security/cve/CVE-2025-15367.html * https://www.suse.com/security/cve/CVE-2026-0672.html * https://www.suse.com/security/cve/CVE-2026-0865.html * https://bugzilla.suse.com/show_bug.cgi?id=1257029 * https://bugzilla.suse.com/show_bug.cgi?id=1257031 * https://bugzilla.suse.com/show_bug.cgi?id=1257041 * https://bugzilla.suse.com/show_bug.cgi?id=1257042 * https://bugzilla.suse.com/show_bug.cgi?id=1257044 *https://bugzilla.suse.com/show_bug.cgi?id=1257046 . This SUSE security advisory addresses six important vulnerabilities in python36 with necessary patching instructions.. SUSE python36 vulnerabilities important security patch. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities can now be installed.. # Security update for python36 Announcement ID: SUSE-SU-2025:4539-1 Release Date: 2025-12-31T15:05:34Z Rating: moderate References: * bsc#1254400 * bsc#1254401 * bsc#1254997 Cross-References: * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 CVSS scores: * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X AffectedProducts: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). * CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). * CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4539=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python36-base-3.6.15-97.1 * python36-debugsource-3.6.15-97.1 * python36-debuginfo-3.6.15-97.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-97.1 * python36-3.6.15-97.1 * libpython3_6m1_0-32bit-3.6.15-97.1 * libpython3_6m1_0-debuginfo-3.6.15-97.1 * python36-base-debuginfo-3.6.15-97.1 * python36-devel-3.6.15-97.1 * libpython3_6m1_0-3.6.15-97.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://bugzilla.suse.com/show_bug.cgi?id=1254400 *https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 . Update for SUSE fixes three issues in python36 impacting system availability and security. Immediate action recommended.. SUSE python36 security update DoS issue availability. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for python36 Announcement ID: SUSE-SU-2025:4487-1 Release Date: 2025-12-18T14:44:31Z Rating: low References: * bsc#1251305 * bsc#1252974 Cross-References: * CVE-2025-6075 * CVE-2025-8291 CVSS scores: * CVE-2025-6075 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-6075 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-8291 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-8291 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-8291 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). * CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSSExtended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4487=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python36-debugsource-3.6.15-94.1 * libpython3_6m1_0-debuginfo-3.6.15-94.1 * python36-debuginfo-3.6.15-94.1 * python36-3.6.15-94.1 * libpython3_6m1_0-3.6.15-94.1 * python36-devel-3.6.15-94.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-94.1 * libpython3_6m1_0-32bit-3.6.15-94.1 * python36-base-debuginfo-3.6.15-94.1 * python36-base-3.6.15-94.1 ## References: * https://www.suse.com/security/cve/CVE-2025-6075.html * https://www.suse.com/security/cve/CVE-2025-8291.html * https://bugzilla.suse.com/show_bug.cgi?id=1251305 * https://bugzilla.suse.com/show_bug.cgi?id=1252974 . A low-severity security update for python36 on SUSE addresses two vulnerabilities affecting performance and ZIP file processing.. python36 update SUSE vulnerability performance. . Severity: Low. LinuxSecurity.com Team
* bsc#1247249 Cross-References: * CVE-2025-8194 . # Security update for python36 Announcement ID: SUSE-SU-2025:02983-1 Release Date: 2025-08-25T13:48:42Z Rating: moderate References: * bsc#1247249 Cross-References: * CVE-2025-8194 CVSS scores: * CVE-2025-8194 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-8194 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-8194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2983=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpython3_6m1_0-3.6.15-89.1 * python36-3.6.15-89.1 * libpython3_6m1_0-32bit-3.6.15-89.1 * python36-base-debuginfo-3.6.15-89.1 * python36-debugsource-3.6.15-89.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-89.1 * python36-debuginfo-3.6.15-89.1 * libpython3_6m1_0-debuginfo-3.6.15-89.1 * python36-base-3.6.15-89.1 * python36-devel-3.6.15-89.1 ## References: * https://www.suse.com/security/cve/CVE-2025-8194.html * https://bugzilla.suse.com/show_bug.cgi?id=1247249 . SUSE enhances python39 to address the denial of service flaw CVE-2025-9111, bolstering protection for its clientele.. python36security update, SUSE Linux advisory, denial of service patch. . LinuxSecurity.com Team
* bsc#1233307 Cross-References: * CVE-2024-11168 . # Security update for python36 Announcement ID: SUSE-SU-2025:1043-1 Release Date: 2025-03-27T16:27:44Z Rating: moderate References: * bsc#1233307 Cross-References: * CVE-2024-11168 CVSS scores: * CVE-2024-11168 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X * CVE-2024-11168 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-11168 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X * CVE-2024-11168 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1043=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python36-3.6.15-79.1 * python36-base-3.6.15-79.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-79.1 * python36-devel-3.6.15-79.1 * python36-debugsource-3.6.15-79.1 * libpython3_6m1_0-debuginfo-3.6.15-79.1 * python36-base-debuginfo-3.6.15-79.1 * python36-debuginfo-3.6.15-79.1 *libpython3_6m1_0-32bit-3.6.15-79.1 * libpython3_6m1_0-3.6.15-79.1 ## References: * https://www.suse.com/security/cve/CVE-2024-11168.html * https://bugzilla.suse.com/show_bug.cgi?id=1233307 . The recent patch for python36 resolves a notable problem regarding IPv6 validation within SUSE Linux Enterprise Server 12 SP5.. python36 update,SUSE security advisory,moderate issue fix,IP validation patch. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.