openSUSE-SU-2026:20517-1

CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
CVE-2026-3479: improper resource argument validation in pkgutil.get_data() can lead to path traversal (bsc#1259989).
CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
CVE-2026-4519: failure to sanitize leading dashes in URLs in the webbrowser.open() API can lead to web browser command line option injection (bsc#1260026).

References

Affected packages

openSUSE:Leap 16.0 / python313

Package

Name: python313
Purl: pkg:rpm/opensuse/python313&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "python313-base-x86-64-v3": "3.13.13-160000.1.1",
            "python313-tools": "3.13.13-160000.1.1",
            "python313": "3.13.13-160000.1.1",
            "python313-idle": "3.13.13-160000.1.1",
            "python313-tk": "3.13.13-160000.1.1",
            "libpython3_13-1_0": "3.13.13-160000.1.1",
            "python313-nogil-base": "3.13.13-160000.1.1",
            "python313-nogil-idle": "3.13.13-160000.1.1",
            "python313-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil": "3.13.13-160000.1.1",
            "python313-nogil-devel": "3.13.13-160000.1.1",
            "python313-doc": "3.13.13-160000.1.1",
            "python313-nogil-testsuite": "3.13.13-160000.1.1",
            "python313-nogil-dbm": "3.13.13-160000.1.1",
            "python313-curses": "3.13.13-160000.1.1",
            "libpython3_13t1_0": "3.13.13-160000.1.1",
            "python313-base": "3.13.13-160000.1.1",
            "python313-doc-devhelp": "3.13.13-160000.1.1",
            "python313-dbm": "3.13.13-160000.1.1",
            "python313-nogil-tools": "3.13.13-160000.1.1",
            "python313-devel": "3.13.13-160000.1.1",
            "python313-testsuite": "3.13.13-160000.1.1",
            "libpython3_13-1_0-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil-curses": "3.13.13-160000.1.1",
            "python313-nogil-tk": "3.13.13-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20517-1.json"

openSUSE:Leap 16.0 / python313-core

Package

Name: python313-core
Purl: pkg:rpm/opensuse/python313-core&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "python313-base-x86-64-v3": "3.13.13-160000.1.1",
            "python313-tools": "3.13.13-160000.1.1",
            "python313": "3.13.13-160000.1.1",
            "python313-idle": "3.13.13-160000.1.1",
            "python313-tk": "3.13.13-160000.1.1",
            "libpython3_13-1_0": "3.13.13-160000.1.1",
            "python313-nogil-base": "3.13.13-160000.1.1",
            "python313-nogil-idle": "3.13.13-160000.1.1",
            "python313-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil": "3.13.13-160000.1.1",
            "python313-nogil-devel": "3.13.13-160000.1.1",
            "python313-doc": "3.13.13-160000.1.1",
            "python313-nogil-testsuite": "3.13.13-160000.1.1",
            "python313-nogil-dbm": "3.13.13-160000.1.1",
            "python313-curses": "3.13.13-160000.1.1",
            "libpython3_13t1_0": "3.13.13-160000.1.1",
            "python313-base": "3.13.13-160000.1.1",
            "python313-doc-devhelp": "3.13.13-160000.1.1",
            "python313-dbm": "3.13.13-160000.1.1",
            "python313-nogil-tools": "3.13.13-160000.1.1",
            "python313-devel": "3.13.13-160000.1.1",
            "python313-testsuite": "3.13.13-160000.1.1",
            "libpython3_13-1_0-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil-curses": "3.13.13-160000.1.1",
            "python313-nogil-tk": "3.13.13-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20517-1.json"

openSUSE:Leap 16.0 / python313-documentation

Package

Name: python313-documentation
Purl: pkg:rpm/opensuse/python313-documentation&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "python313-base-x86-64-v3": "3.13.13-160000.1.1",
            "python313-tools": "3.13.13-160000.1.1",
            "python313": "3.13.13-160000.1.1",
            "python313-idle": "3.13.13-160000.1.1",
            "python313-tk": "3.13.13-160000.1.1",
            "libpython3_13-1_0": "3.13.13-160000.1.1",
            "python313-nogil-base": "3.13.13-160000.1.1",
            "python313-nogil-idle": "3.13.13-160000.1.1",
            "python313-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil": "3.13.13-160000.1.1",
            "python313-nogil-devel": "3.13.13-160000.1.1",
            "python313-doc": "3.13.13-160000.1.1",
            "python313-nogil-testsuite": "3.13.13-160000.1.1",
            "python313-nogil-dbm": "3.13.13-160000.1.1",
            "python313-curses": "3.13.13-160000.1.1",
            "libpython3_13t1_0": "3.13.13-160000.1.1",
            "python313-base": "3.13.13-160000.1.1",
            "python313-doc-devhelp": "3.13.13-160000.1.1",
            "python313-dbm": "3.13.13-160000.1.1",
            "python313-nogil-tools": "3.13.13-160000.1.1",
            "python313-devel": "3.13.13-160000.1.1",
            "python313-testsuite": "3.13.13-160000.1.1",
            "libpython3_13-1_0-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil-curses": "3.13.13-160000.1.1",
            "python313-nogil-tk": "3.13.13-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20517-1.json"

openSUSE:Leap 16.0 / python313-nogil

Package

Name: python313-nogil
Purl: pkg:rpm/opensuse/python313-nogil&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "python313-base-x86-64-v3": "3.13.13-160000.1.1",
            "python313-tools": "3.13.13-160000.1.1",
            "python313": "3.13.13-160000.1.1",
            "python313-idle": "3.13.13-160000.1.1",
            "python313-tk": "3.13.13-160000.1.1",
            "libpython3_13-1_0": "3.13.13-160000.1.1",
            "python313-nogil-base": "3.13.13-160000.1.1",
            "python313-nogil-idle": "3.13.13-160000.1.1",
            "python313-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil": "3.13.13-160000.1.1",
            "python313-nogil-devel": "3.13.13-160000.1.1",
            "python313-doc": "3.13.13-160000.1.1",
            "python313-nogil-testsuite": "3.13.13-160000.1.1",
            "python313-nogil-dbm": "3.13.13-160000.1.1",
            "python313-curses": "3.13.13-160000.1.1",
            "libpython3_13t1_0": "3.13.13-160000.1.1",
            "python313-base": "3.13.13-160000.1.1",
            "python313-doc-devhelp": "3.13.13-160000.1.1",
            "python313-dbm": "3.13.13-160000.1.1",
            "python313-nogil-tools": "3.13.13-160000.1.1",
            "python313-devel": "3.13.13-160000.1.1",
            "python313-testsuite": "3.13.13-160000.1.1",
            "libpython3_13-1_0-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil-curses": "3.13.13-160000.1.1",
            "python313-nogil-tk": "3.13.13-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20517-1.json"

openSUSE:Leap 16.0 / python313-nogil-nogil-core

Package

Name: python313-nogil-nogil-core
Purl: pkg:rpm/opensuse/python313-nogil-nogil-core&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.13.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "python313-base-x86-64-v3": "3.13.13-160000.1.1",
            "python313-tools": "3.13.13-160000.1.1",
            "python313": "3.13.13-160000.1.1",
            "python313-idle": "3.13.13-160000.1.1",
            "python313-tk": "3.13.13-160000.1.1",
            "libpython3_13-1_0": "3.13.13-160000.1.1",
            "python313-nogil-base": "3.13.13-160000.1.1",
            "python313-nogil-idle": "3.13.13-160000.1.1",
            "python313-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil": "3.13.13-160000.1.1",
            "python313-nogil-devel": "3.13.13-160000.1.1",
            "python313-doc": "3.13.13-160000.1.1",
            "python313-nogil-testsuite": "3.13.13-160000.1.1",
            "python313-nogil-dbm": "3.13.13-160000.1.1",
            "python313-curses": "3.13.13-160000.1.1",
            "libpython3_13t1_0": "3.13.13-160000.1.1",
            "python313-base": "3.13.13-160000.1.1",
            "python313-doc-devhelp": "3.13.13-160000.1.1",
            "python313-dbm": "3.13.13-160000.1.1",
            "python313-nogil-tools": "3.13.13-160000.1.1",
            "python313-devel": "3.13.13-160000.1.1",
            "python313-testsuite": "3.13.13-160000.1.1",
            "libpython3_13-1_0-x86-64-v3": "3.13.13-160000.1.1",
            "python313-nogil-curses": "3.13.13-160000.1.1",
            "python313-nogil-tk": "3.13.13-160000.1.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20517-1.json"