SUSE-SU-2026:0590-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-20260590-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0590-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:0590-1
Upstream
Related
Published
2026-02-20T10:05:50Z
Modified
2026-03-23T04:52:23.042965Z
Summary
Security update for python
Details

This update for python fixes the following issues:

  • CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. (bsc#1257031)
  • CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP headers. (bsc#1257042)
  • CVE-2025-15366: Fixed a bug wherer a user-controlled command can allow additional commands injected using newlines. (bsc#1257044)
  • CVE-2025-15367: Fixed control characters which may allow the injection of additional commands. (bsc#1257041)
References

Affected packages

openSUSE:Leap 15.6
python

Package

Name
python
Purl
pkg:rpm/opensuse/python&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-150000.102.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-base-32bit": "2.7.18-150000.102.1",
            "python-devel": "2.7.18-150000.102.1",
            "python-32bit": "2.7.18-150000.102.1",
            "python-base": "2.7.18-150000.102.1",
            "python-curses": "2.7.18-150000.102.1",
            "python-doc-pdf": "2.7.18-150000.102.1",
            "python-doc": "2.7.18-150000.102.1",
            "python-xml": "2.7.18-150000.102.1",
            "python-demo": "2.7.18-150000.102.1",
            "python": "2.7.18-150000.102.1",
            "libpython2_7-1_0": "2.7.18-150000.102.1",
            "python-gdbm": "2.7.18-150000.102.1",
            "python-idle": "2.7.18-150000.102.1",
            "python-tk": "2.7.18-150000.102.1",
            "libpython2_7-1_0-32bit": "2.7.18-150000.102.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0590-1.json"
python-base

Package

Name
python-base
Purl
pkg:rpm/opensuse/python-base&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-150000.102.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-base-32bit": "2.7.18-150000.102.1",
            "python-devel": "2.7.18-150000.102.1",
            "python-32bit": "2.7.18-150000.102.1",
            "python-base": "2.7.18-150000.102.1",
            "python-curses": "2.7.18-150000.102.1",
            "python-doc-pdf": "2.7.18-150000.102.1",
            "python-doc": "2.7.18-150000.102.1",
            "python-xml": "2.7.18-150000.102.1",
            "python-demo": "2.7.18-150000.102.1",
            "python": "2.7.18-150000.102.1",
            "libpython2_7-1_0": "2.7.18-150000.102.1",
            "python-gdbm": "2.7.18-150000.102.1",
            "python-idle": "2.7.18-150000.102.1",
            "python-tk": "2.7.18-150000.102.1",
            "libpython2_7-1_0-32bit": "2.7.18-150000.102.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0590-1.json"
python-doc

Package

Name
python-doc
Purl
pkg:rpm/opensuse/python-doc&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-150000.102.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-base-32bit": "2.7.18-150000.102.1",
            "python-devel": "2.7.18-150000.102.1",
            "python-32bit": "2.7.18-150000.102.1",
            "python-base": "2.7.18-150000.102.1",
            "python-curses": "2.7.18-150000.102.1",
            "python-doc-pdf": "2.7.18-150000.102.1",
            "python-doc": "2.7.18-150000.102.1",
            "python-xml": "2.7.18-150000.102.1",
            "python-demo": "2.7.18-150000.102.1",
            "python": "2.7.18-150000.102.1",
            "libpython2_7-1_0": "2.7.18-150000.102.1",
            "python-gdbm": "2.7.18-150000.102.1",
            "python-idle": "2.7.18-150000.102.1",
            "python-tk": "2.7.18-150000.102.1",
            "libpython2_7-1_0-32bit": "2.7.18-150000.102.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0590-1.json"
SUSE:Linux Enterprise Module for Package Hub 15 SP7
python

Package

Name
python
Purl
pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-150000.102.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-gdbm": "2.7.18-150000.102.1",
            "python-xml": "2.7.18-150000.102.1",
            "python-base": "2.7.18-150000.102.1",
            "python": "2.7.18-150000.102.1",
            "python-curses": "2.7.18-150000.102.1",
            "libpython2_7-1_0": "2.7.18-150000.102.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0590-1.json"
python-base

Package

Name
python-base
Purl
pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.18-150000.102.1

Ecosystem specific 

{
    "binaries": [
        {
            "python-gdbm": "2.7.18-150000.102.1",
            "python-xml": "2.7.18-150000.102.1",
            "python-base": "2.7.18-150000.102.1",
            "python": "2.7.18-150000.102.1",
            "python-curses": "2.7.18-150000.102.1",
            "libpython2_7-1_0": "2.7.18-150000.102.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0590-1.json"