- What: Security update for python3.9 in Red Hat Enterprise Linux 9
- Impact: Systems using python3.9 may be vulnerable to security issues if not updated
Red Hat Product Errata RHSA-2026:19216 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19216 - Security Advisory Overview Updated Packages Synopsis Important: python3.9 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519) python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2449649 - CVE-2026-4519 python: Python: Command-line option injection in webbrowser.open() via crafted URLs BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4519 CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM python3.9-3.9.25-7.el9_8.src.rpm SHA-256: cca2abdde75b1deaa74f6072283651ba7193c2a4fcda8295413bdbb4cf88fa40 x86_64 python-unversioned-command-3.9.25-7.el9_8.noarch.rpm SHA-256: 39bf583a997d1ab3f708e15f3825dafdadd9232ec221afa1406dc2cd89634660 python3-3.9.25-7.el9_8.x86_64.rpm SHA-256: 6e19476d33bcc02b1c275c7d01131c3a15f3160d1bbc03348c7929aebbb3f686 python3-devel-3.9.25-7.el9_8.i686.rpm SHA-256: 4952fb49aaee36bb530b437b496cedefcffeb594675319f51f76f008e976367a python3-devel-3.9.25-7.el9_8.x86_64.rpm SHA-256: efa9a00b343a01c2b3d8353a57e06272ac0789ba2ffca2f7f7a109c652c05575 python3-libs-3.9.25-7.el9_8.i686.rpm SHA-256: 4b943e548d80301ed1eb7f3fb0423983070e5577d9e1a12a3e6dcbbfcda20804 python3-libs-3.9.25-7.el9_8.x86_64.rpm SHA-256: 91a38a134da1fdf79c721099cf733613b676f1c200f63e434319a34e6d8005be python3-tkinter-3.9.25-7.el9_8.x86_64.rpm SHA-256: 2441f4b94e081f118e232723dc0b011c605969a6f1558c9aa2b6a3a2196fbbba python3.9-debuginfo-3.9.25-7.el9_8.i686.rpm SHA-256: 4c3eceda2b18e3676bfc46850c0a6a2d38ac8e3e02263287762ee2a7a63bcd52 python3.9-debuginfo-3.9.25-7.el9_8.i686.rpm SHA-256: 4c3eceda2b18e3676bfc46850c0a6a2d38ac8e3e02263287762ee2a7a63bcd52 python3.9-debuginfo-3.9.25-7.el9_8.x86_64.rpm SHA-256: 3fa03eaa1591b85e0a43702b98dd098ed85a52879f0b4ded1b380fc602c380b3 python3.9-debuginfo-3.9.25-7.el9_8.x86_64.rpm SHA-256: 3fa03eaa1591b85e0a43702b98dd098ed85a52879f0b4ded1b380fc602c380b3 python3.9-debugsource-3.9.25-7.el9_8.i686.rpm SHA-256: afd4b7ec87f9141c375bb18964c20fac732093b373d98d2467374d800b43bcd7 python3.9-debugsource-3.9.25-7.el9_8.i686.rpm SHA-256: afd4b7ec87f9141c375bb18964c20fac732093b373d98d2467374d800b43bcd7 python3.9-debugsource-3.9.25-7.el9_8.x86_64.rpm SHA-256: 9577e28e602ba65aae45d218a749337e02a1e10374c1d482cf3fc0f4e51a2bc1 python3.9-debugsource-3.9.25-7.el9_8.x86_64.rpm SHA-256: 9577e28e602ba65aae45d218a749337e02a1e10374c1d482cf3fc0f4e51a2bc1 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM python3.9-3.9.25-7.el9_8.src.rpm SHA-256: cca2abdde75b1deaa74f6072283651ba7193c2a4fcda8295413bdbb4cf88fa40 x86_64 python-unversioned-command-3.9.25-7.el9_8.noarch.rpm SHA-256: 39bf583a997d1ab3f708e15f3825dafdadd9232ec221afa1406dc2cd89634660 python3-3.9.25-7.el9_8.x86_64.rpm SHA-256: 6e19476d33bcc02b1c275c7d01131c3a15f3160d1bbc03348c7929aebbb3f686 python3-devel-3.9.25-7.el9_8.i686.rpm SHA-256: 4952fb49aaee36bb530b437b496cedefcffeb594675319f51f76f008e976367a python3-devel-3.9.25-7.el9_8.x86_64.rpm SHA-256: efa9a00b343a01c2b3d8353a57e06272ac0789ba2ffca2f7f7a109c652c05575 python3-libs-3.9.25-7.el9_8.i686.rpm SHA-256: 4b943e548d80301ed1eb7f3fb0423983070e5577d9e1a12a3e6dcbbfcda20804 python3-libs-3.9.25-7.el9_8.x86_64.rpm SHA-256: 91a38a134da1fdf79c721099cf733613b676f1c200f63e434319a34e6d8005be python3-tkinter-3.9.25-7.el9_8.x86_64.rpm SHA-256: 2441f4b94e081f118e232723dc0b011c605969a6f1558c9aa2b6a3a2196fbbba python3.9-debuginfo-3.9.25-7.el9_8.i686.rpm SHA-256: 4c3eceda2b18e3676bfc46850c0a6a2d38ac8e3e02263287762ee2a7a63bcd52 python3.9-debuginfo-3.9.25-7.el9_8.i686.rpm SHA-256: 4c3eceda2b18e3676bfc46850c0a6a2d38ac8e3e02263287762ee2a7a63bcd52 python3.9-debuginfo-3.9.25-7.el9_8.x86_64.rpm SHA-256: 3fa03eaa1591b85e0a43702b98dd098ed85a52879f0b4ded1b380fc602c380b3 python3.9-debuginfo-3.9.25-7.el9_8.x86_64.rpm SHA-256: 3fa03eaa1591b85e0a43702b98dd098ed85a52879f0b4ded1b380fc602c380b3 python3.9-debugsource-3.9.25-7.el9_8.i686.rpm SHA-256: afd4b7ec87f9141c375bb18964c20fac732093b373d98d2467374d800b43bcd7 python3.9-debugsource-3.9.25-7.el9_8.i686.rpm SHA-256: afd4b7ec87f9141c375bb18964c20fac732093b373d98d2467374d800b43bcd7 python3.9-debugsource-3.9.25-7.el9_8.x86_64.rpm SHA-256: 9577e28e602ba65aae45d218a749337e02a1e10374c1d482cf3fc0f4e51a2bc1 python3.9-debugsource-3.9.25-7.el9_8.x86_64.rpm SHA-256: 9577e28e602ba65aae45d218a749337e02a1e10374c1d482cf3fc0f4e51a2bc1 Red Hat Enterprise Linux for IBM z Systems 9 SRPM python3.9-3.9.25-7.el9_8.src.rpm SHA-256: cca2abdde75b1deaa74f6072283651ba7193c2a4fcda8295413bdbb4cf88fa40 s390x python-unversioned-command-3.9.25-7.el9_8.noarch.rpm SHA-256: 39bf583a997d1ab3f708e15f3825dafdadd9232ec221afa1406dc2cd89634660 python3-3.9.25-7.el9_8.s390x.rpm SHA-256: 667a54cb203dda2151c521bddb65f84c9e7b9986b84db1609d570054aa82c513 python3-devel-3.9.25-7.el9_8.s390x.rpm SHA-256: c8dd5d12f29b939b802b832198286d0526ceba9516e959c9f2b6834a6028474e python3-libs-3.9.25-7.el9_8.s390x.rpm SHA-256: ecb17d1b06fead17c2e469ebaba6dc3f4f14534575597833f4e2e9ec73d4d551 python3-tkinter-3.9.25-7.el9_8.s390x.rpm SHA-256: 5414ed5ee342ebb774ebe7b7a64c588387bcd2264d78aa345a7cee2ad37b0db2 python3.9-debuginfo-3.9.25-7.el9_8.s390x.rpm SHA-256: e835ab58e27b29e67691aefb9471b3bbd6cac1effd9479d9a058a699f320613d python3.9-debuginfo-3.9.25-7.el9_8.s390x.rpm SHA-256: e835ab58e27b29e67691aefb9471b3bbd6cac1effd9479d9a058a699f320613d python3.9-debugsource-3.9.25-7.el9_8.s390x.rpm SHA-256: dbbdbe95133f5c4f8fb9f08988d466854bb3aa1fc208151fb8862d923bac5943 python3.9-debugsource-3.9.25-7.el9_8.s390x.rpm SHA-256: dbbdbe95133f5c4f8fb9f08988d466854bb3aa1fc208151fb8862d923bac5943 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 SRPM python3.9-3.9.25-7.el9_8.src.rpm SHA-256: cca2abdde75b1deaa74f6072283651ba7193c2a4fcda8295413bdbb4cf88fa40 s390x python-unversioned-command-3.9.25-7.el9_8.noarch.rpm SHA-256: 39bf583a997d1ab3f708e15f3825dafdadd9232ec221afa1406dc2cd89634660 python3-3.9.25-7.el9_8.s390x.rpm SHA-256: 667a54cb203dda2151c521bddb65f84c9e7b9986b84db1609d570054aa82c513 python3-devel-3.9.25-7.el9_8.s390x.rpm SHA-256: c8dd5d12f29b939b802b832198286d0526ceba9516e959c9f2b6834a6028474e python3-libs-3.9.25-7.el9_8.s390x.rpm SHA-256: ecb17d1b06fead17c2e469ebaba6dc3f4f14534575597833f4e2e9ec73d4d551 python3-tkinter-3.9.25-7.el9_8.s390x.rpm SHA-256: 5414ed5ee342ebb774ebe7b7a64c588387bcd2264d78aa345a7cee2ad37b0db2 python3.9-debuginfo-3.9.25-7.el9_8.s390x.rpm SHA-256: e835ab58e27b29e67691aefb9471b3bbd6cac1effd9479d9a058a69