Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

SUSE Python311 Important Injection Issues Fix 2026-0693-1

suse
Calendar Grey February 27, 2026
Dist Suse Esm H88
An important update for python311 resolves seven vulnerabilities and enhances system security on SUSE Linux.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for python311 fixes the following issues: * CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). * CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). * CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). * CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).

References

* bsc#1257029

* bsc#1257031

* bsc#1257041

* bsc#1257042

* bsc#1257044

* bsc#1257046

* bsc#1257108

Cross-

* CVE-2025-11468

* CVE-2025-12781

* CVE-2025-15282

* CVE-2025-15366

* CVE-2025-15367

* CVE-2026-0672

* CVE-2026-0865

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-11468 ( NVD ): 5.7

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-12781 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0693-1
Release Date: 2026-02-27T15:14:10Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.