<?xml version="1.0" encoding="utf-8"?>
  <?xml-stylesheet type="text/xsl" href="sa-render.xsl"?>
  <update from="huaweicloud.com" type="security" status="stable" version="1">
    <id>HCE2-SA-2026-0090</id>
    <title>An update for python3 is now available for HCE 2.0</title>
    <severity>Important</severity>
    <release>HCE 2.0</release>
    <issued date="2026-03-23 23:18:33"/>
    <updated date="2026-03-23 23:18:33"/>
    <references>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-12084" id="CVE-2025-12084" title="CVE-2025-12084 Base Score: 5.3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-13836" id="CVE-2025-13836" title="CVE-2025-13836 Base Score: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2024-5642" id="CVE-2024-5642" title="CVE-2024-5642 Base Score: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2026-0672" id="CVE-2026-0672" title="CVE-2026-0672 Base Score: 7.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2026-1299" id="CVE-2026-1299" title="CVE-2026-1299 Base Score: 8.2 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-6075" id="CVE-2025-6075" title="CVE-2025-6075 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2025-13837" id="CVE-2025-13837" title="CVE-2025-13837 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" type="cve"/>
    </references>
    <description>Security Fix(es):

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents. (CVE-2025-12084)

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS. (CVE-2025-13836)

CPython 3.9 and earlier doesn't disallow configuring an empty list (&quot;[]&quot;) for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity because NPN is not widely used and specifying an empty list is likely uncommon in practice (typically a protocol name would be configured). (CVE-2024-5642)

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters. (CVE-2026-0672)

The email module, specifically the &quot;BytesGenerator&quot; class, didn't properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized. This is only applicable if using &quot;LiteralHeader&quot; writing headers that don't respect email folding rules; the new behavior will reject the incorrectly folded headers in &quot;BytesGenerator&quot;. (CVE-2026-1299)

If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables. (CVE-2025-6075)

When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues. (CVE-2025-13837)
</description>
    <pkglist>
      <collection short="HCE 2.0" package="python3">
        <name>HCE 2.0</name>
        <package arch="x86_64" name="python3" version="3.9.9" release="7.r39.hce2">
          <filename>python3-3.9.9-7.r39.hce2.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="python3-devel" version="3.9.9" release="7.r39.hce2">
          <filename>python3-devel-3.9.9-7.r39.hce2.x86_64.rpm</filename>
        </package>
        <package arch="noarch" name="python3-help" version="3.9.9" release="7.r39.hce2">
          <filename>python3-help-3.9.9-7.r39.hce2.noarch.rpm</filename>
        </package>
        <package arch="x86_64" name="python3-unversioned-command" version="3.9.9" release="7.r39.hce2">
          <filename>python3-unversioned-command-3.9.9-7.r39.hce2.x86_64.rpm</filename>
        </package>
        <package arch="aarch64" name="python3" version="3.9.9" release="7.r39.hce2">
          <filename>python3-3.9.9-7.r39.hce2.aarch64.rpm</filename>
        </package>
        <package arch="aarch64" name="python3-devel" version="3.9.9" release="7.r39.hce2">
          <filename>python3-devel-3.9.9-7.r39.hce2.aarch64.rpm</filename>
        </package>
        <package arch="aarch64" name="python3-unversioned-command" version="3.9.9" release="7.r39.hce2">
          <filename>python3-unversioned-command-3.9.9-7.r39.hce2.aarch64.rpm</filename>
        </package>
      </collection>
    </pkglist>
  </update>
