Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Fedora 42 python3.10 Essential Command Injection Remedy 2026-bfc2aeben63

fedora
Calendar Grey March 7, 2026
Dist Fedora Esm H88
Critical security fixes for Python 3.10 in Fedora 42 addressing multiple command injection issues and recommendations. Stay secure!
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

Summary

Python 3.10 is an accessible, high-level, dynamically typed, interpreted

programming language, designed with an emphasis on code readability.

It includes an extensive standard library, and has a vast ecosystem of

third-party libraries.

The python3.10 package provides the "python3.10" executable: the reference

interpreter for the Python language, version 3.

The majority of its standard library is provided in the python3.10-libs package,

which should be installed automatically along with python3.10.

The remaining parts of the Python standard library are broken out into the

python3.10-tkinter and python3.10-test packages, which may need to be installed

separately.

Documentation for Python is provided in the python3.10-docs package.

Packages containing additional libraries for Python are generally named with

the "python3.10-" prefix.

Update Information:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

Topics%20covered

Topics Covered

security advisory fedora critical remote access command injection python3.10

Change Log

* Mon Feb 9 2026 Tom\u0161 Hrn\u010diar - 3.10.19-4 - Security fixes for CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367 * Sat Jan 17 2026 Fedora Release Engineering - 3.10.19-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Jan 6 2026 Karolina Surma - 3.10.19-2 - Require at least the same expat version as used during the build time

References


[ 1 ] Bug #2431615 - CVE-2025-15366 python3.10: IMAP command injection in user-controlled commands [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431615 [ 2 ] Bug #2431639 - CVE-2025-15367 python3.10: POP3 command injection in user-controlled commands [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431639 [ 3 ] Bug #2431788 - CVE-2026-0865 python3.10: wsgiref.headers.Headers allows header newline injection in Python [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431788 [ 4 ] Bug #2433815 - CVE-2026-1299 python3.10: email header injection due to unquoted newlines [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433815

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ef5d97522f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python3.10
Product: Fedora 42
Version: 3.10.19
Release: 4.fc42
URL: https://www.python.org/
Summary: Version 3.10 of the Python interpreter

Topics%20covered

Topics Covered

security advisory fedora critical remote access command injection python3.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here