Red Hat Security Advisory: python3.14 security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2026-0865 — cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-1502 — python: Python: HTTP header injection via CR/LF in proxy tunnel headers CVE-2026-2297 — cpython: CPython: Logging Bypass in Legacy .pyc File Handling CVE-2026-3644 — cpython: Incomplete control character validation in http.cookies CVE-2026-4224 — cpython: Stack overflow parsing XML with deeply nested DTD content models CVE-2026-4519 — python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVE-2026-4786 — python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVE-2026-5713 — python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. CVE-2026-6100 — python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2026:19019
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2431367
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2444691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2448168
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2448181
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2449649
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2457409
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2457932
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458049
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458239
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19019.json