Red Hat Product Errata

RHSA-2026:16699 - Security Advisory

Issued: 2026-05-13
Updated: 2026-05-13

Synopsis

Important: python3.12 security update

Type/Severity

Security Advisory: Important

Topic

An update for python3.12 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

- python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
- python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products

- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
- Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

- BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
- BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

CVEs

- CVE-2026-4786
- CVE-2026-6100

References

- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

This security update addresses two Important-severity vulnerabilities in Python 3.12 for Red Hat Enterprise Linux 10.0 EUS: a use-after-free in decompression modules (CVE-2026-6100) allowing arbitrary code execution or information disclosure, and a command injection flaw in the `webbrowser.open()` API (CVE-2026-4786) leading to arbitrary code execution. The article does not provide specific CVSS scores, affected version ranges, or fixed version numbers for the Python packages. Red Hat advises applying the update via the referenced solution article; no workaround is mentioned.