SUSE-SU-2026:1947-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-20261947-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1947-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:1947-1
Published
2026-05-18T07:49:35Z
Modified
2026-05-19T08:45:08.986752030Z
Summary
Security update for python310
Details

This update for python310 fixes the following issues:

Security issues:

  • CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
  • CVE-2026-3446: base64 decoding stops at first padded quad by default (bsc#1261970).
  • CVE-2026-4786: incomplete mitigation of , %action expansion for command injection to webbrowser.open() (bsc#1262319).
  • CVE-2026-6019: BaseCookie.js_output() does not neutralize characters in cookie values embedded in JS (bsc#1262654).
  • CVE-2026-6100: arbitrary code execution or information disclosure via use-after-free in decompression modules (bsc#1262098).

Non-security issue:

  • Conflicts between different versions of Python (bsc#1258364).
References

Affected packages