Security update for python
This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives (bsc#1257599). - CVE-2026-3219: pip doesn't reject concatenated ZIP (bsc#1262429). - CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319). - CVE-2026-6019: BaseCookie.js_output() does not neutralize embedded characters (bsc#1262654). - CVE-2026-6100: arbitrary code execution or information disclosure via use-after-free in decompression modules (bsc#1262098). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation (bsc#1263442). Changes for python: - For SLE-12-SP1 use vendored libffi (bsc#1261652). We have libffi4.so from SP3 only.
Security update for python
Description
This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives (bsc#1257599). - CVE-2026-3219: pip doesn't reject concatenated ZIP (bsc#1262429). - CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319). - CVE-2026-6019: BaseCookie.js_output() does not neutralize embedded characters (bsc#1262654). - CVE-2026-6100: arbitrary code execution or information disclosure via use-after-free in decompression modules (bsc#1262098). - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation (bsc#1263442). Changes for python: - For SLE-12-SP1 use vendored libffi (bsc#1261652). We have libffi4.so from SP3 only.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- SUSE Product Security Team
- Advisory Id
- SUSE-SU-2026:2387-1
- Cve Count
- 6
- Additional Cves
- ["CVE-2026-3219","CVE-2026-4786","CVE-2026-6019","CVE-2026-6100","CVE-2026-6357"]
- Cvss Version
- null
Threat ID: 6a2d2f9ce617e2d834b6fd00
Added to database: 6/13/2026, 10:23:24 AM
Last updated: 6/13/2026, 10:23:44 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.