Security update for python-virtualenv SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20129-1 Final 1 1 2026-01-22T15:48:44Z current 2026-01-22T15:48:44Z 2026-01-22T15:48:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-virtualenv This update for python-virtualenv fixes the following issues: - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition (bsc#1256458). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-175 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620129-1/ Link for SUSE-SU-2026:20129-1 https://lists.suse.com/pipermail/sle-updates/2026-January/043742.html E-Mail link for SUSE-SU-2026:20129-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256458 SUSE Bug 1256458 https://www.suse.com/security/cve/CVE-2026-22702/ SUSE CVE CVE-2026-22702 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 python313-virtualenv-20.29.3-160000.3.1 python313-virtualenv-20.29.3-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 python313-virtualenv-20.29.3-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1. CVE-2026-22702 SUSE Linux Enterprise Server 16.0:python313-virtualenv-20.29.3-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:python313-virtualenv-20.29.3-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620129-1/ https://www.suse.com/security/cve/CVE-2026-22702.html CVE-2026-22702 https://bugzilla.suse.com/1256458 SUSE Bug 1256458