85 matches found
RLSA-2026:19019 Important: python3.14 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
cpython: Stack overflow parsing XML with deeply nested DTD content models
A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...
OPENSUSE-SU-2026:20769-1 Security update for mozjs115
This update for mozjs115 fixes the following issues: Changes in mozjs115: - CVE-2026-32776: Fixed a NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728 - CVE-2026-32777: Fixed a denial of service due to infinite loop in DTD...
SUSE SLES15 Security Update : mozjs78 (SUSE-SU-2026:1956-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1956-1 advisory. This update for mozjs78 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty...
SUSE-SU-2026:1956-1 Security update for mozjs78
This update for mozjs78 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...
SUSE SLES15 Security Update : mozjs52 (SUSE-SU-2026:1742-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1742-1 advisory. This update for mozjs52 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external paramete...
RockyLinux 8 : python3.12 (RLSA-2026:10950)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:10950 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...
ALSA-2026:10950 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
SUSE SLES15 Security Update : python311 (SUSE-SU-2026:1530-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1530-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete contr...
SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:1417-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1417-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper...
SUSE-SU-2026:1376-1 Security update for python310
This update for python310 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3479: improper resource argument validation in pkgutil.getdata can lead to pa...
Security update for python313
This update for python313 fixes the following issues: Update to v3.13.13 CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass bsc1259240...
Security update for expat
This update for expat fixes the following issues: CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. CVE-2026-32778: NUL...
OESA-2026-1886 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...
OESA-2026-1884 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...
openSUSE 16 Security Update : expat (openSUSE-SU-2026:20448-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20448-1 advisory. - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. -...
SUSE-SU-2026:1166-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...
SUSE-SU-2026:20985-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...
Updated expat packages fix security vulnerabilities
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry...