Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

SUSE Linux Micro 6.1 Python311 Important Threat Injection Fix 2026-20665-1

suse
Calendar Grey March 18, 2026
Dist Suse Esm H88
This update addresses seven issues in python311 on SUSE Linux to enhance security and avoid potential attacks.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for python311 fixes the following issues: * CVE-2025-11468: preserving parens when folding comments in email headers. (bsc#1257029) * CVE-2026-0672: rejects control characters in http cookies. (bsc#1257031) * CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which could be abused for injecting false HTTP headers. (bsc#1257042) * CVE-2025-15366: basically the same as the previous patch for IMAP protocol. (bsc#1257044) * CVE-2025-15282: basically the same as the previous patch for urllib library. (bsc#1257046) * CVE-2025-15367: basically the same as the previous patch for poplib library. (bsc#1257041) * CVE-2025-12781: fix decoding with non-standard Base64 alphabet (bsc#1257108) ## Patch Instructions:

References

* bsc#1257029

* bsc#1257031

* bsc#1257041

* bsc#1257042

* bsc#1257044

* bsc#1257046

* bsc#1257108

Cross-

* CVE-2025-11468

* CVE-2025-12781

* CVE-2025-15282

* CVE-2025-15366

* CVE-2025-15367

* CVE-2026-0672

* CVE-2026-0865

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-11468 ( NVD ): 5.7

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-12781 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20665-1
Release Date: 2026-03-10T19:08:57Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.