Alerts This Week
Warning Icon 1 562
Alerts This Week
Warning Icon 1 562

Fedora 42 python3.9 Critical Command Injection Fix FEDORA-2026-cad5404d98

fedora
Calendar Grey February 28, 2026
Dist Fedora Esm H88
Discover essential security fixes for Python 3.9 on Fedora 42 addressing critical command injection issues and more.
Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

Summary

Python 3.9 package for developers.

This package exists to allow developers to test their code against an older

version of Python. This is not a full Python stack and if you wish to run

your applications with Python 3.9, see other distributions

that support it, such as CentOS or RHEL or older Fedora releases.

Update Information:

Security fixes for CVE-2026-1299, CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367

Topics%20covered

Topics Covered

security advisory fedora critical command injection header injection python3.9

Change Log

* Tue Feb 10 2026 Tom\u0161 Hrn\u010diar - 3.9.25-6 - Security fix for CVE-2026-1299 * Mon Feb 9 2026 Tom\u0161 Hrn\u010diar - 3.9.25-5 - Security fixes for CVE-2026-0865, CVE-2025-15366 and CVE-2025-15367 * Sat Jan 17 2026 Fedora Release Engineering - 3.9.25-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2431622 - CVE-2025-15366 python3.9: IMAP command injection in user-controlled commands [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431622 [ 2 ] Bug #2431646 - CVE-2025-15367 python3.9: POP3 command injection in user-controlled commands [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431646 [ 3 ] Bug #2431810 - CVE-2026-0865 python3.9: wsgiref.headers.Headers allows header newline injection in Python [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431810 [ 4 ] Bug #2433822 - CVE-2026-1299 python3.9: email header injection due to unquoted newlines [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433822

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cad5404d98' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python3.9
Product: Fedora 42
Version: 3.9.25
Release: 6.fc42
URL: https://www.python.org/
Summary: Version 3.9 of the Python interpreter

Topics%20covered

Topics Covered

security advisory fedora critical command injection header injection python3.9

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here