Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Python 312 Security Update for Effective Response Code Management

suse
Calendar Grey March 3, 2026
Dist Suse Esm H88
An important security update for python311 in SUSE patches seven security issues to enhance system integrity.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for python311 fixes the following issues: * CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). * CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). * CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). * CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).

Topics%20covered

Topics Covered

security advisory SuSE important command injection http header python311

References

* bsc#1257029

* bsc#1257031

* bsc#1257041

* bsc#1257042

* bsc#1257044

* bsc#1257046

* bsc#1257108

Cross-

* CVE-2025-11468

* CVE-2025-12781

* CVE-2025-15282

* CVE-2025-15366

* CVE-2025-15367

* CVE-2026-0672

* CVE-2026-0865

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-11468 ( NVD ): 5.7

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-12781 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0767-1
Release Date: 2026-03-03T13:05:58Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE important command injection http header python311

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here