ALSA-2026:19177

[ALSA-2026:19177] Important: python3.12 security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  

Security Fix(es):  

  * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
  * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
  * cpython: Out-of-memory when loading Plist (CVE-2025-13837)
  * cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)
  * cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)
  * cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)
  * cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)
  * cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)
  * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)
  * python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)
  * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
  * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	python3.12-devel-3.12.13-2.el9_8.aarch64.rpm	3095aa48e4b9448c263e3d325684ea93c9bc8552cfc1b6dd65d84229c5b40d52
aarch64	python3.12-libs-3.12.13-2.el9_8.aarch64.rpm	4d7e6dbcd82c1849a8959e2edc62857eb345c50554aa1e8bde99bb4c96931b67
aarch64	python3.12-idle-3.12.13-2.el9_8.aarch64.rpm	7175035d154f8f5e83f75057f737bb931565bbfb150e64f68bfd19ccd4ff0913
aarch64	python3.12-debug-3.12.13-2.el9_8.aarch64.rpm	7cda789dcaa77a767bb23e01a4123167dfa7e708f429e2597bac70f50ee68a9a
aarch64	python3.12-test-3.12.13-2.el9_8.aarch64.rpm	829c5b483dbfc6061a0dc98e27205c2b11635a13c529b22e3ae826eb88a1e6b2
aarch64	python3.12-3.12.13-2.el9_8.aarch64.rpm	8ee499e1a6157b4a27ee4fff12ba04b201f9599403fa7f0808aaa6952fa42375
aarch64	python3.12-tkinter-3.12.13-2.el9_8.aarch64.rpm	dbf373bf68ae1bc85839607d2e49a104c0f4dfa4c1a54f997427e8bac00ef631
i686	python3.12-test-3.12.13-2.el9_8.i686.rpm	02e1576c43c59747e1c748007aef02c557dd83bd41f7f6a9036e749d53cc8f6f
i686	python3.12-tkinter-3.12.13-2.el9_8.i686.rpm	0ccb9cb0d01a4ac40433350beff069f584cc870073ee43737dc6667dfeb0be72
i686	python3.12-3.12.13-2.el9_8.i686.rpm	49b0c5b0d32d4b6eabdea085b3c1e1db5ebf234f392c77630fefb1efbd1b709d
i686	python3.12-devel-3.12.13-2.el9_8.i686.rpm	58d2939bb20fe2a564f147f85f4337d745b34105068065b996cb4aed630bb75d
i686	python3.12-idle-3.12.13-2.el9_8.i686.rpm	9963bc39fe571616e09e2b6056766e1b8d30ed0d90c0bd9656e1e25e93eec42e
i686	python3.12-libs-3.12.13-2.el9_8.i686.rpm	9b23514051a48591da9594f22ee6af5891a81951d1e07b4b9a15f3ed20de3e4a
i686	python3.12-debug-3.12.13-2.el9_8.i686.rpm	b0b3a66d2c5279fe219456c622cba0c5cb05f56daea1c3810faf44cc98f1919e
ppc64le	python3.12-devel-3.12.13-2.el9_8.ppc64le.rpm	299558ffcf0fbe96f96542ba3d7a0524db91389df87214f2e558f7190e2d6e08
ppc64le	python3.12-idle-3.12.13-2.el9_8.ppc64le.rpm	54e0517e2e102a75461c6e381477acd5086314ce67ae8d1df957581e0fc9ea9b
ppc64le	python3.12-3.12.13-2.el9_8.ppc64le.rpm	6fdb6e101970e7601f397eb2d6b9b3e3d4769211cd1b9d59f25db259a2587a65
ppc64le	python3.12-test-3.12.13-2.el9_8.ppc64le.rpm	72ec8578ba4e4ac64887f49ddf1889c007c7d2c2b44efc27208d7d86a730ca60
ppc64le	python3.12-debug-3.12.13-2.el9_8.ppc64le.rpm	be138f983cbc954504c9908886c22a8dad68fd98f568bd58cf09dfa0a5dc692e
ppc64le	python3.12-tkinter-3.12.13-2.el9_8.ppc64le.rpm	c52582ae90f05c5be5f1ece3724731313bbb269574b6925c031a1521c888af99
ppc64le	python3.12-libs-3.12.13-2.el9_8.ppc64le.rpm	dfd8e1101558f8a6c722e9ff3d837cba49b9e87d493253500071b5277570441d
s390x	python3.12-test-3.12.13-2.el9_8.s390x.rpm	174bb70361a8e949151bb259ad03d9ddfb14ddffa264f857d167a97b7ac841cd
s390x	python3.12-idle-3.12.13-2.el9_8.s390x.rpm	2f5f1a8ffba92513dc569eedfbdbe50932ddf36df610fed45ecd7160b151c94d
s390x	python3.12-debug-3.12.13-2.el9_8.s390x.rpm	6071f39ac4d02c6a64adffcac3cf436840123fa1eb19ab6258ee6d831daa2e63
s390x	python3.12-libs-3.12.13-2.el9_8.s390x.rpm	67afe578428483efcfa57f447703585b576947bd1adc7d086c837d8fec55606b
s390x	python3.12-devel-3.12.13-2.el9_8.s390x.rpm	748d22449ab57c32c9a3fd0063a6b1b96e5de80849352033c734ff6b0cc03ad0
s390x	python3.12-3.12.13-2.el9_8.s390x.rpm	807a914851a2c2795cfeafcdfb2d0aada7b40b1f7ee718de3c9684bb7c73696f
s390x	python3.12-tkinter-3.12.13-2.el9_8.s390x.rpm	9e990be3ec42c7e1980b9f9f9c02e8c729aedbdce55236319686ec70bc0f786d
x86_64	python3.12-devel-3.12.13-2.el9_8.x86_64.rpm	1c9c71cc8fefdc48e19c485f61b4469eb8dd8f33e193adb7461c52aa32fd8a83
x86_64	python3.12-tkinter-3.12.13-2.el9_8.x86_64.rpm	3f3d30e29befbca26b0a7db32ed2f987725a2d35d6b6f642320852f7ae4317e0
x86_64	python3.12-libs-3.12.13-2.el9_8.x86_64.rpm	43f947df3570ed891b1a747a3cdf9aac84b931be6950dd95d90eaa31841545b9
x86_64	python3.12-idle-3.12.13-2.el9_8.x86_64.rpm	661f64b34ac6d1cd350564e89a1fe250a54fe70eb9cc878464640b4a8f89ff1d
x86_64	python3.12-test-3.12.13-2.el9_8.x86_64.rpm	8d1cefd0756a04a29be47ecf2478b3376da679ce434bbebbbde208ff316dbedf
x86_64	python3.12-debug-3.12.13-2.el9_8.x86_64.rpm	b3d0ce54c29bb34219ac6792a5d78bc0ca377b3be4ca14e1f002be6301a01d86
x86_64	python3.12-3.12.13-2.el9_8.x86_64.rpm	da3ad7fe9ba0f76a184594da9dc5e8887cef5946498a69a6f1ed49249f01c7bd

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.