[ALSA-2026:10950] Important: python3.12 security update
Type:
security
Severity:
important
Release date:
2026-04-28
Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375) * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075) * cpython: Out-of-memory when loading Plist (CVE-2025-13837) * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282) * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672) * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297) * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644) * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224) * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502) * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 python3.12-test-3.12.13-2.el8_10.aarch64.rpm 0042421786a365124d2ca4d725f92241860a7f2376498f2ee43616af03e3f6b0
aarch64 python3.12-3.12.13-2.el8_10.aarch64.rpm 138b132f0ca6f81da9f7341c601d11887105d235c359a71207580a217c21f8c2
aarch64 python3.12-devel-3.12.13-2.el8_10.aarch64.rpm 250e0c36e7cb375ec7e21e807227efa877788949de8f223ca762d3950ead8da5
aarch64 python3.12-libs-3.12.13-2.el8_10.aarch64.rpm 51ba4f0ed57a8ef548f275d067b29705af76123e2359388bfb7cf4949541600d
aarch64 python3.12-idle-3.12.13-2.el8_10.aarch64.rpm 644628ba7ff8d0b59f4e33245f0fa93c8f629872c5f2baffe206cb2398923aeb
aarch64 python3.12-debug-3.12.13-2.el8_10.aarch64.rpm 961ea35f60185ce0e7a46217da702062f18adaf20826cd10846f051430b238be
aarch64 python3.12-tkinter-3.12.13-2.el8_10.aarch64.rpm fe9e9872341ed151f064bafaae2385794804e2ed8eda9cc7066e2dfa78a89515
i686 python3.12-debug-3.12.13-2.el8_10.i686.rpm 3299de934c90c265d15abbc52b1ba23a84322ffb7662c58aca3bf229b73bbadc
i686 python3.12-idle-3.12.13-2.el8_10.i686.rpm 6f853e2d3e9584fc1267eeb3dd8bbc1c31373c759e4aa3f9c23c23bc707b2204
i686 python3.12-devel-3.12.13-2.el8_10.i686.rpm 8efdf40e8d99e913d99a5446afb9f4729e51629c65e021f6fd7d40185d82af53
i686 python3.12-tkinter-3.12.13-2.el8_10.i686.rpm c4266d81cafa3d407f69cafb22887c36f281f0e95eecf94eb78a898f4dae6367
i686 python3.12-libs-3.12.13-2.el8_10.i686.rpm c7e2fca0cf879f60dc7cac70d66a99b420248ef952e14b97cbe120d0af63554a
i686 python3.12-3.12.13-2.el8_10.i686.rpm ce507083178c0d9927c4e08e03a5b3844d0e0b2b2ac2f4a28de04b242a20d957
i686 python3.12-test-3.12.13-2.el8_10.i686.rpm f76545b71288197b22efee0fa22816852030f85a71f3889ee1926d76065a2386
noarch python3.12-rpm-macros-3.12.13-2.el8_10.noarch.rpm b33f99d6429af10985bb4f64ca1c521df580e650857d8eea56d9ce81b16c00ac
ppc64le python3.12-libs-3.12.13-2.el8_10.ppc64le.rpm 3bc8b01daa6ab00fad30765b232345127a8e8daa4f0ac86925662e9133f5657a
ppc64le python3.12-debug-3.12.13-2.el8_10.ppc64le.rpm 69890dc75284d8bd01e3e434cae34a63bba78a9d6b5d762e703c5b2799b7f876
ppc64le python3.12-3.12.13-2.el8_10.ppc64le.rpm 89ef9918ffd3346c1bc1cece67f9af3764b38a753d6bc2f65d3902e7c378bdcb
ppc64le python3.12-devel-3.12.13-2.el8_10.ppc64le.rpm 8a5d1c826e7db6fd8a0a0b6821de805c3d4079ddad08199dc627422a416980d5
ppc64le python3.12-tkinter-3.12.13-2.el8_10.ppc64le.rpm 8b1a1ef74bc79cb006161c6d57d3e40d2fd1145c7c2fdc6e6522024a476af05d
ppc64le python3.12-idle-3.12.13-2.el8_10.ppc64le.rpm a456921970a7e69c057b55ac37d7440db25f529ec6d520bb9a24e1a236d963a2
ppc64le python3.12-test-3.12.13-2.el8_10.ppc64le.rpm a96ff0176a841b881cecfbc5da54f303a9f3a5b0cce8881af8834f03e95650d1
s390x python3.12-tkinter-3.12.13-2.el8_10.s390x.rpm a1bc036e107dc97ae620a5a703378b2577806b2e8c6a16170c567ab5ea0e4050
s390x python3.12-idle-3.12.13-2.el8_10.s390x.rpm aa0f106605bbea0237b1852247e170275f2416f381cd67d63b8903cbf1e95cb2
s390x python3.12-3.12.13-2.el8_10.s390x.rpm c5c66cdc7f22627f010fb5d5d32436ca9f94a31edc4f59a1150eadf4078e2d0e
s390x python3.12-test-3.12.13-2.el8_10.s390x.rpm c95a05ee34810a4766527c34b363ea11f7de1c526c629b9a6cfe90b4c2a73a6e
s390x python3.12-libs-3.12.13-2.el8_10.s390x.rpm ea783d7838d81b01a32a7947cd20884fde685959fdbc063b1b8bba248911fa6a
s390x python3.12-devel-3.12.13-2.el8_10.s390x.rpm ec42fbf55e3a069fc7eaeee940e74c4a1e1d740e6459adc3ddbf4f95c45e87df
s390x python3.12-debug-3.12.13-2.el8_10.s390x.rpm fb0b6263308a74b5ccf605fe924431ff02a5c3379568ceb401b221aad11aa1db
x86_64 python3.12-3.12.13-2.el8_10.x86_64.rpm 4f3fa4cbc3ddcbe2dd162baab7b1d1f8bf17df6c8f2cca649e7be0becd9dacb9
x86_64 python3.12-debug-3.12.13-2.el8_10.x86_64.rpm 506eb513454dbc338d6e163f4a5b33719b6d771974b4177f2f345d190682770e
x86_64 python3.12-devel-3.12.13-2.el8_10.x86_64.rpm 53eb3f92f130619885ca89bec35149d32e2ede1b298b7f4f10e97fe09961d76a
x86_64 python3.12-test-3.12.13-2.el8_10.x86_64.rpm 772e2cdd309b74899b7f8af1ea75308533133a526be68bc160680db6007dce8c
x86_64 python3.12-tkinter-3.12.13-2.el8_10.x86_64.rpm d0f3ca580d8604330b1c1927a69d555fd9b70ce89a34a3c78d7defce9bec74f9
x86_64 python3.12-libs-3.12.13-2.el8_10.x86_64.rpm d66d2132e4372a175734d98f057a51d877ed75771b4013d4076e66c29bf27b5f
x86_64 python3.12-idle-3.12.13-2.el8_10.x86_64.rpm e85218cae17468eb226e9a7a3f64a3da0686d298b4c472e45c4807417088df54
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.