[ALSA-2026:19064] Important: python3.12 security update
Type:
security
Severity:
important
Release date:
2026-05-26
Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375) * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075) * cpython: Out-of-memory when loading Plist (CVE-2025-13837) * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282) * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672) * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297) * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644) * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224) * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519) * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502) * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 python3-debug-3.12.13-2.el10_2.aarch64.rpm 02d00a7d0752773807bf8f21b66fab69d4150831eaab5f7a1e059fe4d5521224
aarch64 python3-tkinter-3.12.13-2.el10_2.aarch64.rpm 17a97747c5927a405a3fd8bb8c227219a8fd9e1e7a571b84ec62b1b7cdd3282b
aarch64 python3-idle-3.12.13-2.el10_2.aarch64.rpm 4ab1feb32edac1ce881c812eec1cee7ee27090184f9af6a8f55444a9014e1606
aarch64 python3-devel-3.12.13-2.el10_2.aarch64.rpm 729c5697760fd1f647f6fe2eeeeb64710539c2ac135cab66850d4ebc93b6baf2
aarch64 python3-test-3.12.13-2.el10_2.aarch64.rpm 9ff46eff2de1040be3df332c40bb3eef1c2c7a8655305d46bf0334e553862533
aarch64 python3-libs-3.12.13-2.el10_2.aarch64.rpm cd94457fed8718c17a027c0ed51cf00f36f4ba53d2f10dc566fba4dd3bba1579
aarch64 python3-3.12.13-2.el10_2.aarch64.rpm fd7bcc893448f481d74e9ce07c4f0175a7b44697bafb11d97c0d617b140af32f
noarch python-unversioned-command-3.12.13-2.el10_2.noarch.rpm e02dd9af1061d81e9eb4f3b2ab2cee1f8bcaa3917c0c834b9885fbcb4199da2e
ppc64le python3-devel-3.12.13-2.el10_2.ppc64le.rpm 2d28dc94876d78c720e134047e11d424c26b6bd5c677585ed09c5b7fa5386ca2
ppc64le python3-test-3.12.13-2.el10_2.ppc64le.rpm 4167f71d57137810af143021ed6875c5302c579480851117777c9f7ec2df26ae
ppc64le python3-3.12.13-2.el10_2.ppc64le.rpm 657dac01ee1d3d8597d3336ba1ff41c34d375638c70caefe30969c2d891ab66d
ppc64le python3-debug-3.12.13-2.el10_2.ppc64le.rpm 7236a788813630c8f6e4223428bece1370132c6208cba041a3d0c57319b09977
ppc64le python3-libs-3.12.13-2.el10_2.ppc64le.rpm 8582bd214b5f13f40e32619a8b14ba910046b78c16e7423a7d2e83c15790211f
ppc64le python3-idle-3.12.13-2.el10_2.ppc64le.rpm a49d816928d73ed8ce87ea3eb863a614c0284e65e4388b8388852bd73286309c
ppc64le python3-tkinter-3.12.13-2.el10_2.ppc64le.rpm e052ba52ec287cbedb8f948677fd17e53f3b95a8bd4ed691434a1e0b3a5ea5a9
s390x python3-devel-3.12.13-2.el10_2.s390x.rpm 4fc91b147d4ec3362835b10378eb0dc9cbb081be5f25f09af64a53d2ae332d6d
s390x python3-test-3.12.13-2.el10_2.s390x.rpm 52f71b62bd69e1ee40072b82c66ca471783372b48a5d498efea7f3f6596840b0
s390x python3-tkinter-3.12.13-2.el10_2.s390x.rpm 5da59b2ee47b6ac42bbcbe8dbb2c0388e4000e62b586025262bd83ff88dc0567
s390x python3-3.12.13-2.el10_2.s390x.rpm 73491552f3f3d4bdca7ff53f5ecfe0f5d703e12cd0da7bb9a9b86778e816c05c
s390x python3-debug-3.12.13-2.el10_2.s390x.rpm 8dfec4cac37b274b04aebf0b0b7ba16a367919b1b7358846684604440c163a52
s390x python3-idle-3.12.13-2.el10_2.s390x.rpm 980a1a2a672f26df14691dde698e0b7f367e0bc009cb98c2a3a7c6994aaa23b2
s390x python3-libs-3.12.13-2.el10_2.s390x.rpm a14868192672bfacdc7512ddfc6c4c4e461b953d491017c14761c8441130bfed
x86_64 python3-devel-3.12.13-2.el10_2.x86_64.rpm 1a7e22608ac7a0f520c10ac9641d22b50c494d380e84630ee13af03c19d31661
x86_64 python3-libs-3.12.13-2.el10_2.x86_64.rpm 3904cb528fe83e6d625df54e546f50b21911119f328bc3eb296621ad82398dbf
x86_64 python3-debug-3.12.13-2.el10_2.x86_64.rpm 4b982f337792a3a5b4105271e884041d7a42543ccb16fdd9e0b67b77e79c5678
x86_64 python3-idle-3.12.13-2.el10_2.x86_64.rpm 98fc9162660e443d956bfba441d9d729120aa4715658c4d704e7289400ce1655
x86_64 python3-3.12.13-2.el10_2.x86_64.rpm c4d208d39377be162cd3413a776257b2df6da498e67a8b5e79ff9660610df0e7
x86_64 python3-test-3.12.13-2.el10_2.x86_64.rpm db3a62622582ebe46b9fedf8358d53143ec657891096c0dee286928f20928449
x86_64 python3-tkinter-3.12.13-2.el10_2.x86_64.rpm ea31967685c55af2685b76aed6d8f63186709d9fd309a2c2799cd7a3f531873e
x86_64_v2 python3-3.12.13-2.el10_2.x86_64_v2.rpm 05e773bb3232a3c1d34885ed14774f891f2d235880bc19c31d4ce0b9d049f241
x86_64_v2 python3-test-3.12.13-2.el10_2.x86_64_v2.rpm 0f64002959484d012d0bfc24827f036d809dd7e39333f36a736865543b22d3f7
x86_64_v2 python3-debug-3.12.13-2.el10_2.x86_64_v2.rpm 58c54d3cf70d6bbe9782055da1a70009fe3691065d62efe03440c0afa645f659
x86_64_v2 python3-libs-3.12.13-2.el10_2.x86_64_v2.rpm 630e0a1951dcbad0c9d85f005a4152dce826b45aad450abf5f81fd5d23b67dd3
x86_64_v2 python3-devel-3.12.13-2.el10_2.x86_64_v2.rpm b8aa7df344fb9b23bc17a7c697be1e13768bd64e7a4029707b3a824e7c991dd3
x86_64_v2 python3-tkinter-3.12.13-2.el10_2.x86_64_v2.rpm c6df14d5ea25e992133a20060acec79aaf78d58234a59fd0ded0ae959768918f
x86_64_v2 python3-idle-3.12.13-2.el10_2.x86_64_v2.rpm dcea26f416372f5adc2f1e79245a38987dea6df70638ac3cf6db878f679d82bc
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.