CLSA-2026-1779213441 python3.11: Fix of 11 CVEs

CVE-2026-4224: avoid unbound C recursion in convcontentmodel in pyexpat - CVE-2026-3644: reject control characters in http.cookies.Morsel.update - CVE-2026-0672: reject control characters in http.cookies.Morsel - CVE-2025-8291: check consistency of zip64 end of central directory record -...

BIT-LIBPYTHON-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

Use-after-free in "unicode_escape" decoder with error handler

...

BIT-PYTHON-MIN-2025-4516 Use-after-free in "unicode_escape" decoder with error handler

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

Security update for python3

This update for python3 fixes the following issues: CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler bsc1243273. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:01877-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler bsc1243273...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free through the unicodeescape decoder when used with an error handler. An attacker can trigger a use-after-free condition by manipulating the memory after it has been freed. This is only exploitable if the unicodeescape...