54 matches found
SUSE-SU-2026:2664-1 Security update for python, python-base, python-doc
This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP...
Oracle Linux 9 : python3.9 (ELSA-2026-18693)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18693 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable has...
Oracle Linux 9 : python3.14 (ELSA-2026-19176)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19176 advisory. - Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100 Resolves: RHEL-167918, RHEL-168160 - Security fixes for CVE-2026-2297,...
Fedora 43 : python3.15 (2026-e2ada1fa1e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e2ada1fa1e advisory. New prerelease of Python 3.15, containing fixes to a few CVEs. Tenable has extracted the preceding description block directly from the Fedora securi...
RLSA-2026:11077 Important: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...
RHEL 9 : python3.9 (RHSA-2026:19576)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19576 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Security update for python310
This update for python310 fixes the following issues Security issues: CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. CVE-2026-3446: base64 decoding stops at first padded quad by default bsc1261970. CVE-2026-4786: incomplete mitigation of , %action expansion fo...
Amazon Linux 2 : python3, --advisory ALAS2-2026-3281 (ALAS-2026-3281)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3281 advisory. Mitigation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain...
RHEL 9 : python3.12 (RHSA-2026:14656)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14656 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 9 : python3.11 (RHSA-2026:14653)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14653 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 9 : python3.11 (RHSA-2026:13692)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13692 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Fedora 43 : python3.14 (2026-97a8eb204a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-97a8eb204a advisory. Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-5713, CVE-2026-6100 Tenable has extracted the preceding description block directly from th...
MiracleLinux 8 : python3.12-3.12.13-2.el8_10 (AXSA:2026-523:13)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-523:13 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-593...
CLSA-2026-1777660524 python3.11: Fix of CVE-2026-6100
CVE-2026-6100: fix use-after-free in lzma/bz2 decompressor by clearing the dangling next_in pointer after MemoryError so a re-used decompressor cannot read or write through a stale buffer pointer...
Fedora 43 : python3.6 (2026-f08d5a8191)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f08d5a8191 advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 44 : python3.6 (2026-a335d04675)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a335d04675 advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Tenable has extracted the preceding description block directly from the Fedora security advisory...
CLSA-2026-1777569671 python3: Fix of CVE-2026-6100
CVE-2026-6100: clear dangling next_in pointer on MemoryError in bz2/lzma decompressors to avoid use-after-free on instance reuse...
CLSA-2026-1777568294 python2: Fix of CVE-2026-6100
CVE-2026-6100: defensively null bzs->next_in on the error path of BZ2Decomp_decompress to align with upstream; the UAF window does not exist in Python 2.7 (next_in is reassigned at function entry, lzma/gzip are not C extensions)...