Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 618
Alerts This Week
Warning Icon 1 618

openSUSE 15.6 Major Python Security Update Featured in SUSE-SU-2026-0613-4

suse
Calendar Grey February 20, 2026
Dist Suse Esm H88
Security update for Python addresses multiple vulnerabilities affecting openSUSE and SUSE Linux Enterprise environments.
An update that solves four vulnerabilities and has one security fix can now be installed.

Summary

## This update for python fixes the following issues: * CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. (bsc#1257031) * CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP headers. (bsc#1257042) * CVE-2025-15366: Fixed a bug wherer a user-controlled command can allow additional commands injected using newlines. (bsc#1257044) * CVE-2025-15367: Fixed control characters which may allow the injection of additional commands. (bsc#1257041) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7

References

* bsc#1254867

* bsc#1257031

* bsc#1257041

* bsc#1257042

* bsc#1257044

Cross-

* CVE-2025-15366

* CVE-2025-15367

* CVE-2026-0672

* CVE-2026-0865

CVSS scores:

* CVE-2025-15366 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

* CVE-2025-15366 ( NVD ): 5.9

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-15367 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

* CVE-2025-15367 ( NVD ): 5.9

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0590-1
Release Date: 2026-02-20T10:05:57Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.