Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE Linux Micro 6.0 Python 311 Key Fix for Control Character Issues

suse
Calendar Grey March 18, 2026
Dist Suse Esm H88
This update for python311 addresses seven critical issues, enhancing application stability and security.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for python311 fixes the following issues: * CVE-2025-11468: preserving parens when folding comments in email headers. (bsc#1257029) * CVE-2026-0672: rejects control characters in http cookies. (bsc#1257031) * CVE-2026-0865: rejecting control characters in wsgiref.headers.Headers, which could be abused for injecting false HTTP headers. (bsc#1257042) * CVE-2025-15366: basically the same as the previous patch for IMAP protocol. (bsc#1257044) * CVE-2025-15282: basically the same as the previous patch for urllib library. (bsc#1257046) * CVE-2025-15367: basically the same as the previous patch for poplib library. (bsc#1257041) * CVE-2025-12781: fix decoding with non-standard Base64 alphabet (bsc#1257108) ## Patch Instructions:

References

* bsc#1257029

* bsc#1257031

* bsc#1257041

* bsc#1257042

* bsc#1257044

* bsc#1257046

* bsc#1257108

Cross-

* CVE-2025-11468

* CVE-2025-12781

* CVE-2025-15282

* CVE-2025-15366

* CVE-2025-15367

* CVE-2026-0672

* CVE-2026-0865

CVSS scores:

* CVE-2025-11468 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-11468 ( NVD ): 5.7

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-12781 ( SUSE ): 2.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20710-1
Release Date: 2026-03-09T11:04:04Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here