## This update for python-PyJWT fixes the following issues: Update to PyJWT 2.12.1: * CVE-2024-53861: prevent partial matching of the Issuer field (bsc#1234038). * CVE-2026-32597: validate the crit Header Parameter defined in RFC 7515 (bsc#1259616). Changelog: Update to 2.12.1: * Add missing typing_extensions dependency for Python < 3.11 in #1150 Update to 2.12.0: * Annotate PyJWKSet.keys for pyright by @tamird in #1134 * Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in #1133 * Do not keep algorithms dict in PyJWK instances by @akx in #1143 * Use PyJWK algorithm when encoding without explicit algorithm in #1148 * Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache). Update to 2.11.0:
* bsc#1234038
* bsc#1259616
Cross-
* CVE-2024-53861
* CVE-2026-32597
CVSS scores:
* CVE-2024-53861 ( NVD ): 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-53861 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32597 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* SUSE Linux Micro 6.1
An update that solves two vulnerabilities can now be installed.
##
* https://www.suse.com/security/cve/CVE-2024-53861.html
* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234038
Get the latest Linux and open source security news straight to your inbox.