This update for python311 fixes the following issues:
Update to python 3.11.15:
* CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974).
* CVE-2025-11468: header injection with carefully crafted inputs
(bsc#1257029).
* CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing
(bsc#1254997).
* CVE-2025-13836: potential memory denial of service in the http.client module
(bsc#1254400).
* CVE-2025-13837: potential memory denial of service in the plistlib module
(bsc#1254401).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2026-0672: control characters in http.cookies.Morsel fields and values
(bsc#1257031).
* CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields,
values, and parameters (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper
newline quoting (bsc#1257181).
* CVE-2026-2297:...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1117=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1117=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1117=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1117=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1117=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1117=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1117=1
* SUSE Linux Enterprise Server 15 SP5...
Read the Full Advisory* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-doc-devhelp-3.11.15-150400.9.80.1
* python311-curses-debuginfo-3.11.15-150400.9.80.1
* python311-core-debugsource-3.11.15-150400.9.80.1
* libpython3_11-1_0-3.11.15-150400.9.80.1
* python311-testsuite-debuginfo-3.11.15-150400.9.80.1
* python311-debuginfo-3.11.15-150400.9.80.1
* python311-idle-3.11.15-150400.9.80.1
* python311-doc-3.11.15-150400.9.80.1
* python311-3.11.15-150400.9.80.1
* python311-tk-3.11.15-150400.9.80.1
* python311-tools-3.11.15-150400.9.80.1
* libpython3_11-1_0-debuginfo-3.11.15-150400.9.80.1
* python311-debugsource-3.11.15-150400.9.80.1
* python311-testsuite-3.11.15-150400.9.80.1
* python311-curses-3.11.15-150400.9.80.1
* python311-base-debuginfo-3.11.15-150400.9.80.1
* python311-tk-debuginfo-3.11.15-150400.9.80.1
* python311-base-3.11.15-150400.9.80.1
* python311-devel-3.11.15-150400.9.80.1
* python311-dbm-debuginfo-3.11.15-150400.9.80.1
* python311-dbm-3.11.15-150400.9.80.1
* openSUSE Leap 15.4 (x86_64)
*...
Read the Full Advisory* bsc#1252974
* bsc#1254400
* bsc#1254401
* bsc#1254997
* bsc#1257029
* bsc#1257031
* bsc#1257042
* bsc#1257046
* bsc#1257181
* bsc#1259240
## References:
* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-6075.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252974
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
*...
Read the Full AdvisoryGet the latest Linux and open source security news straight to your inbox.