This update for python3 fixes the following issues:
* CVE-2025-11468: header injection when folding a long comment in an email
header containing exclusively unfoldable characters (bsc#1257029).
* CVE-2026-0672: HTTP header injection via user-controlled cookie values and
parameters when using http.cookies.Morsel (bsc#1257031).
* CVE-2026-0865: user-controlled header containing newlines can allow
injecting HTTP headers (bsc#1257042).
* CVE-2025-15366: user-controlled command can allow additional commands
injected using newlines (bsc#1257044).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2025-15367: control characters may allow the injection of additional
commands (bsc#1257041).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-664=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-664=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-664=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-664=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-664=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-664=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-664=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-664=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-664=1
* SUSE Linux Enterprise High Performance Computing ESPOS...
Read the Full Advisory* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python3-curses-debuginfo-3.6.15-150300.10.106.1
* python3-core-debugsource-3.6.15-150300.10.106.1
* python3-doc-3.6.15-150300.10.106.1
* libpython3_6m1_0-3.6.15-150300.10.106.1
* python3-tk-3.6.15-150300.10.106.1
* python3-tools-3.6.15-150300.10.106.1
* python3-debuginfo-3.6.15-150300.10.106.1
* python3-base-debuginfo-3.6.15-150300.10.106.1
* python3-tk-debuginfo-3.6.15-150300.10.106.1
* python3-debugsource-3.6.15-150300.10.106.1
* libpython3_6m1_0-debuginfo-3.6.15-150300.10.106.1
* python3-testsuite-debuginfo-3.6.15-150300.10.106.1
* python3-dbm-3.6.15-150300.10.106.1
* python3-3.6.15-150300.10.106.1
* python3-testsuite-3.6.15-150300.10.106.1
* python3-dbm-debuginfo-3.6.15-150300.10.106.1
* python3-base-3.6.15-150300.10.106.1
* python3-doc-devhelp-3.6.15-150300.10.106.1
* python3-curses-3.6.15-150300.10.106.1
* python3-devel-debuginfo-3.6.15-150300.10.106.1
* python3-idle-3.6.15-150300.10.106.1
* python3-devel-3.6.15-150300.10.106.1
* openSUSE Leap...
Read the Full Advisory* bsc#1257029
* bsc#1257031
* bsc#1257041
* bsc#1257042
* bsc#1257044
* bsc#1257046
## References:
* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-15366.html
* https://www.suse.com/security/cve/CVE-2025-15367.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257041
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257044
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
Get the latest Linux and open source security news straight to your inbox.